Re: encryption

Subject: Re: encryption
From: Tomas Frydrych (tomas@frydrych.uklinux.net)
Date: Wed Apr 25 2001 - 13:54:17 CDT

• sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: WJCarpenter: "Re: encryption"
• Previous message: WJCarpenter: "Re: encryption"
• In reply to: WJCarpenter: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Reply: Tomas Frydrych: "Re: encryption"
• Reply: WJCarpenter: "Re: encryption"
• Reply: Aaron Lehmann: "Re: encryption"

> Bill:
> The illicit guessers have the same amount of work to do as legitimate
> guessers. They would, in fact, just rip off the AbiWord
> implementation. It's either easy for them to do the guesswork or hard
> for AbiWord to do the guesswork. Either N is small or N is large; it
> can't be both.

Not really, for AW is not guessing. AW needs to try each cipher it
might support with the one key it is given, the brute force attack
means trying each cipher with every possible key. In fact, not
knowing what cipher you are dealing with does make any type of
attack more difficult, but I am not saying so much that we should
exclude plain text headers to increase security, but rather that
there is no technical need for such headers.

The other thing is, a document that contains only encrypted data,
cannot be proven to be an encrypted document unless you have
the key, and some folk my prefer it that way. I personally do not
have strong objections in principle to including a plaintext header,
but simply wish to point out that there is no need for it.

> Anyhow, I'm just arguing for reduced complexity in the code (I don't
> really care much about the performance issue on this one).

The appoach that I have suggested does not really increase the
complexity of the code, and it is clean and longterm reliable. If you
relly on the format of the data you are encrypting, then you will
need to modify the code everytime this format changes. I agree
that it is probable that if you pass zlib just some rubbish it will
complain, but chances are that under weird circumstance it may
not, at least not straight away. I know from experience that if you
pass binary rubish to the xml parser, segfault is a distinct
possibility. The prudent thing, IMO, is to identify that the decryption
is not working before trying to do anything at all with the decrypted
data, rather than rely on the ability of the code down the pipeline to
handle the rubbish gracefully.

Tomas

• Next message: WJCarpenter: "Re: encryption"
• Previous message: WJCarpenter: "Re: encryption"
• In reply to: WJCarpenter: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Next in thread: WJCarpenter: "Re: encryption"
• Reply: Tomas Frydrych: "Re: encryption"
• Reply: WJCarpenter: "Re: encryption"
• Reply: Aaron Lehmann: "Re: encryption"

This archive was generated by hypermail 2b25 : Wed Apr 25 2001 - 13:55:42 CDT