Subject: Re: encryption
From: WJCarpenter (bill-abisource@carpenter.ORG)
Date: Wed Apr 25 2001 - 12:43:46 CDT


tomas> It does take more time than knowing a priori what cipher and
tomas> key size we deal with, but that only becomes an issue if you
tomas> support a really *huge* number of ciphers; even if you have 10
tomas> ciphers and the right one is the one you try last, you only
tomas> decrypted 72 bytes in vain, that's less than decrypting the
tomas> fancy <!--============--> line in the AW file header.

I'm a bit lost in your argument here. You're suggesting a little
guesswork in the code to avoid putting plaintext parameters somewhere
(which would eliminate the code guesswork). You said previously this
will help protect things from illicit guessers.

The illicit guessers have the same amount of work to do as legitimate
guessers. They would, in fact, just rip off the AbiWord
implementation. It's either easy for them to do the guesswork or hard
for AbiWord to do the guesswork. Either N is small or N is large; it
can't be both.

I guess you are just trying to multiply by N the effort of a brute
force attack, is that it? A brute force attacker is also going to
only try to crack a few bytes and see if it looks like a legit
document before spending energy to go further. (Aside: Does zlib
leave a few bytes of signature at the beginning of deflated data?)
Given that the algorithms that are smart to use have brute force
attacks that are "some really big number", multiplying that by 10
doesn't add much of an obstacle, relatively speaking.

Given that this obscurity doesn't add much actual additional security
from a competent attacker, why not have a clearer path in AbiWord by
storing the plaintext parameters instead of trying to guess them? One
doesn't have to guess parameters when decrypting PGP/GPG info, for
example, and that's not really held as a weakness in those schemes.

Anyhow, I'm just arguing for reduced complexity in the code (I don't
really care much about the performance issue on this one). I actually
look forward to a scheme which is pluggable and definitely not limited
to a limited number of ciphers (though I would expect a very limited
number [maybe none] in the AbiWord "reference" implementation).

-- 
bill@carpenter.ORG (WJCarpenter)    PGP 0x91865119
38 95 1B 69 C9 C6 3D 25    73 46 32 04 69 D6 ED F3
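The trial-decryption loop the two of them are discussing, as an added illustration that is not AbiWord code and not part of the original thread: it probes 72 bytes under each of N candidate ciphers, uses the zlib (RFC 1950) header plus a partial inflate as the "does it look like a legit document" check, and reports the work factor the guessing adds, which is only log2(N) key bits. The candidate names, the key, and the hash-based keystream standing in for a real cipher are all assumptions made for this example.

```python
import hashlib
import math
import zlib

# Hypothetical candidate list: the ten (cipher name, key bits) pairs a
# trial-decryption loop would have to walk. The keystream is a SHA-256
# stand-in so the block runs with the standard library only; it is NOT a
# real cipher, and the names are invented for this example.
CANDIDATES = [("cipher-%d" % i, 128 if i % 2 else 256) for i in range(10)]
PROBE_LEN = 72  # bytes decrypted per candidate before deciding, as in the thread

def keystream(name, key, n):
    """Derive n keystream bytes that differ per candidate for the same user key."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(name.encode() + key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(name, key, plaintext):
    """zlib-compress, then XOR with the chosen candidate's keystream."""
    comp = zlib.compress(plaintext)
    return bytes(a ^ b for a, b in zip(comp, keystream(name, key, len(comp))))

def probe_looks_like_zlib(prefix):
    """The 'looks like a legit document' check: a valid RFC 1950 header
    (CM=8, CINFO<=7, FCHECK) and a partial inflate that raises no error.
    Random bytes pass the header test about once in a thousand tries and
    almost never survive the inflate as well."""
    if len(prefix) < 2:
        return False
    cmf, flg = prefix[0], prefix[1]
    if cmf & 0x0F != 8 or cmf >> 4 > 7 or (cmf * 256 + flg) % 31 != 0:
        return False
    try:
        zlib.decompressobj().decompress(prefix)
        return True
    except zlib.error:
        return False

def guess_cipher(ciphertext, key):
    """Trial-decrypt PROBE_LEN bytes under each candidate; return (name, tries)."""
    for tries, (name, _bits) in enumerate(CANDIDATES, 1):
        ks = keystream(name, key, PROBE_LEN)
        probe = bytes(a ^ b for a, b in zip(ciphertext[:PROBE_LEN], ks))
        if probe_looks_like_zlib(probe):
            return name, tries
    return None, len(CANDIDATES)

def extra_bits_from_guessing(n_candidates):
    """Work factor hiding the cipher id adds to brute force: N trials = log2(N) bits."""
    return math.log2(n_candidates)
```

Running `guess_cipher(encrypt("cipher-9", key, doc), key)` finds the last candidate on the tenth try, and `extra_bits_from_guessing(10)` is about 3.3, which is the whole obstacle the obscurity buys against a key search.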
