[147030] in cryptography@c2.net mail archive
Re: [Cryptography] Availability of plaintext/ciphertext pairs (was
daemon@ATHENA.MIT.EDU (Raphael Jacquot)
Wed Sep 11 13:38:45 2013
X-Original-To: cryptography@metzdowd.com
From: Raphael Jacquot <sxpert@sxpert.org>
Date: Wed, 11 Sep 2013 06:49:45 +0200
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <87ioy8y6cx.fsf@self-evident.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============1838581884449839234==
Content-Type: multipart/signed; boundary="Apple-Mail=_8F37D2C6-6E16-4B11-BA60-94CAA7FD66C9"; protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_8F37D2C6-6E16-4B11-BA60-94CAA7FD66C9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Sep 10, 2013, at 6:43 PM, Nemo <nemo@self-evident.org> wrote:
>=20
> "GET / HTTP/1.1\r\n" is exactly 16 bytes, or one AES block. If the IV =
is
> sent in the clear -- which it is -- that is one plaintext-ciphertext
> pair right there for every HTTPS connection.
>=20
> In fact, _any_ aligned 16 bytes of plaintext in the conversation that
> are known, or that are in a guessable range, represent a
> plaintext/ciphertext pair if either of the following are true:
>=20
> 1) You sent the IV in the clear
> 2) You used CBC mode
>=20
> Of the modes I know (CBC, CTR, GCM, et. al.), the only one that does =
not
> freely give up such plaintext/ciphertext pairs is OCB.
according to http://en.wikipedia.org/wiki/Padding_(cryptography) , most =
protocols=20
only talk about padding at the end of the cleartext before encryption.
now, how about adding some random at the beginning of the cleartext, =
say, 2.5 times
the block size, that is 40 bytes for the example above, of random stuff =
before the=20
interesting text appears ?
- Raphael=
--Apple-Mail=_8F37D2C6-6E16-4B11-BA60-94CAA7FD66C9
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMeDCCBjQw
ggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0
Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAn
BgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDE1NVoX
DTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSsw
KQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFy
dENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOrlr6KMoOMpohBllVHrdRvEg/q6r8jR+EK
75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSMzR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC
+y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxD
z2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSDkOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr
/+N2JLKutIxMYqQOJebr/f/h5t95m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0w
ggGpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFc
fH6WNU7y1LhRgjAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRa
MFgwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYh
aHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6
Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5j
b20vc2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqDCH14qywG
XLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy6QMVQjbbMXlt
UfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPIzKKR9tQW8gGK+2+R
HxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKfKSETEPrHh7p5shuuNktv
sv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HORz9v3vQwR4e3ksLc2JZOAFK+s
sS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9sIPP7ON0fz095HdThKjiVJe6vofq
+n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCieuoBJ9OlqmsVWQvifIYf40dJPZkk9YgGT
zWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7tw1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGq
Up/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQG2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb1
9mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIGPDCCBSSg
AwIBAgIDB3OsMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRD
b20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYG
A1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcN
MTMwOTAxMTEzNzAxWhcNMTQwOTAyMTUzNDUzWjBZMRkwFwYDVQQNExAxa25PN0lieTdEUEVYNkxq
MRowGAYDVQQDDBFzeHBlcnRAc3hwZXJ0Lm9yZzEgMB4GCSqGSIb3DQEJARYRc3hwZXJ0QHN4cGVy
dC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq8SHmstDDg9RqWQCXs+z75yg8
5Ju9DzaPliQVy7LxT9hoVAshxOo2vJtDrur/G9wvAGJYaGpTbBmTC8KxMckEGgMd96wo0QLdkMQs
ujaMnH38UuYZpP6yCYZAxuloKvHgdQXQJzeAu3xbMQvr6KID7OJDAVVhR2w4EEWjIwbpl6wanv5r
b4bgheZe43323M3JvCV6q6emGyWSrk06nePvLHEvkByAEIMZhWpgQaWisoEetJ1BtcWSHF56f8pC
HZvzgp4h6/ILmCw5JSHPgfsvzTV1HWcwA5ajjryg6/013z0Mjh4Y8hdqMofwU5C6rtCvrsVfWu/5
GjAKRGsdsqd9AgMBAAGjggLXMIIC0zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHSUEFjAU
BggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYEFOWdamt2lWiwus9xGaS1tJdqbKhaMB8GA1Ud
IwQYMBaAFFNy7ZKc4NrLAVx8fpY1TvLUuFGCMBwGA1UdEQQVMBOBEXN4cGVydEBzeHBlcnQub3Jn
MIIBTAYDVR0gBIIBQzCCAT8wggE7BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6
Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29t
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1
ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRo
ZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJw
b3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDYGA1Ud
HwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsG
AQUFBwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xh
c3MxL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMv
c3ViLmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wu
Y29tLzANBgkqhkiG9w0BAQUFAAOCAQEAbPZ/YUP93WRsxNsLsG9N6HkSf0WvNmWLgwqCshsNwEgu
d4FAUEpMb2KnjVSywSOLjYj0RfaOnyGwTb0OKgdR+KiZb5YRprL5lTAKga7IEr6LahS5fyJtt7ZI
61o5v/D5H7g/OIlzEPbS3ktYw8g5AzoGD/Uw0rj7NivTq1K36hd+fO8p9pJa0pAjHAI6TduMa+zq
rJu9QNwgEk+kl2dDGQZk41co8oX9fB7KNgpjY7s9Pl4o1pX5D+uOR2K8+KeUSTlu7Ljv2xVdxqg6
19xsuTspkIWeGs84Pv6es1YnO6MMypuNicbpACtJla2WtFD62eKLZsnqHvTsHFaDpMIVOzGCA28w
ggNrAgEBMIGUMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE
CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20g
Q2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwdzrDAJBgUrDgMCGgUAoIIB
rzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xMzA5MTEwNDQ5NDZa
MCMGCSqGSIb3DQEJBDEWBBRqmlBPAlhV1/LPBVYF4mxcZrxyojCBpQYJKwYBBAGCNxAEMYGXMIGU
MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJl
IERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQ
cmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwdzrDCBpwYLKoZIhvcNAQkQAgsxgZeggZQw
gYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFBy
aW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQQIDB3OsMA0GCSqGSIb3DQEBAQUABIIBAE2llvdJ
nGOwWiAsCPVjSIJQS5FVEVoTur+Nyr87/M8Uio0H5WnvaqyU+tCvhdzRzvhMUH/y5FdzTSUz2MlJ
Tq6SWVYqgoQ1s5eONLTRMGCVQvNMVX4tbtG6XQN4UIfurS+eAPoSsx80xHp8eLLTRi5S1X6Wr58+
2kn+XqPGfL/rwfWLRzUUqyz46Vg3/7WxUDWZZ/gpkFJGwW2iKOg3ouJGzZTgLFalBV0OQQI5tT95
2J0mDUiIa+bl1/XRp2TChRC6mgcV4vDcLbKsj7mvq4eGtxyVaDa0zwfnvDfUwLTgdMv+8ibhLBiD
vRWeUzsxddz/hoF9UzNJjhw3rO/15lUAAAAAAAA=
--Apple-Mail=_8F37D2C6-6E16-4B11-BA60-94CAA7FD66C9--
--===============1838581884449839234==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============1838581884449839234==--
