[147210] in cryptography@c2.net mail archive


Re: [Cryptography] The paranoid approach to crypto-plumbing

daemon@ATHENA.MIT.EDU (John Kelsey)
Wed Sep 18 00:58:14 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <F3E5D809-8B03-4342-9298-0ED89ABA9E8D@gmail.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Wed, 18 Sep 2013 00:46:15 -0400
To: Sandy Harris <sandyinchina@gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Arggh!  Of course, this superencryption wouldn't help against the CBC padding attacks, because the attacker would learn plaintext without bothering with the other layers of encryption.  The only way to solve that is to preprocess the plaintext in some way that takes the attacker's power to induce a timing difference or error message away.  

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
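The message above argues that stacking more encryption layers does nothing against a CBC padding oracle, because the oracle hands the attacker plaintext directly; the only fix is to take away the attacker's ability to provoke a padding-dependent error or timing difference. The following is an added illustration of that fix, not code from the list message or from any project it mentions. It uses a constructed 4-round Feistel cipher (HMAC-SHA256 as the round function) as a stand-in for a real 16-byte block cipher, PKCS#7 padding, and CBC mode, and puts a decryptor that checks padding on unauthenticated data next to one that verifies an HMAC over the whole ciphertext first and raises a single uniform error. The keys, the sample plaintext and the two tamper positions are constructed for the demo. The `observable_outcomes` check shows the difference: with the unauthenticated decryptor, where a ciphertext is edited decides whether the caller sees a padding error or a decrypted (garbage) message, which is exactly the oracle; with the authenticated one, every edit produces the same rejection before any padding is examined.

```python
import hashlib
import hmac
import secrets

BLOCK = 16          # block size in bytes
ROUNDS = 4          # Feistel rounds of the constructed toy cipher


class PaddingError(Exception):
    """Raised by unpad(); leaking this to a caller is the padding oracle."""


class DecryptError(Exception):
    """The single error the hardened decryptor ever raises."""


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to the 8-byte half width.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for a real block cipher: a Feistel network is
    # invertible by construction, which is all CBC needs here.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return out


def encrypt_oracle_prone(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(BLOCK)
    return iv + cbc_encrypt(key, iv, pad(plaintext))


def decrypt_oracle_prone(key: bytes, msg: bytes) -> bytes:
    # Padding is checked on data the attacker controls, and the outcome
    # (PaddingError vs. a returned message) is visible: a padding oracle.
    # Wrapping msg in further encryption layers would not change this.
    iv, ct = msg[:BLOCK], msg[BLOCK:]
    return unpad(cbc_decrypt(key, iv, ct))


def encrypt_authenticated(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers IV and ciphertext.
    iv = secrets.token_bytes(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pad(plaintext))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_authenticated(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Verify the tag (constant-time compare) before touching padding, so the
    # padding check only ever runs on data the sender actually produced.
    if len(msg) < 2 * BLOCK + 32 or (len(msg) - 32) % BLOCK:
        raise DecryptError("invalid")
    body, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        raise DecryptError("invalid")
    try:
        return unpad(cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:]))
    except PaddingError:
        raise DecryptError("invalid") from None   # unreachable for forged input; unified anyway


def _flip(msg: bytes, index: int) -> bytes:
    edited = bytearray(msg)
    edited[index] ^= 0x01
    return bytes(edited)


def observable_outcomes(decrypt_fn, msg: bytes, positions) -> set:
    # Classify what a caller can observe after a one-bit edit at each position.
    outcomes = set()
    for index in positions:
        try:
            decrypt_fn(_flip(msg, index))
            outcomes.add("accepted")
        except PaddingError:
            outcomes.add("padding-error")
        except DecryptError:
            outcomes.add("rejected")
    return outcomes


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(16), secrets.token_bytes(16)
    pt = b"twenty byte message!"          # constructed sample; pads to two blocks
    # Edit byte 0 (in the IV: garbles plaintext block 1, padding stays valid) and
    # the last byte of the penultimate ciphertext block (changes the pad byte).
    positions = (0, len(pad(pt)) - 1)
    plain_msg = encrypt_oracle_prone(enc_key, pt)
    auth_msg = encrypt_authenticated(enc_key, mac_key, pt)
    return {
        "unauthenticated": observable_outcomes(
            lambda m: decrypt_oracle_prone(enc_key, m), plain_msg, positions),
        "authenticated": observable_outcomes(
            lambda m: decrypt_authenticated(enc_key, mac_key, m), auth_msg, positions),
    }


if __name__ == "__main__":
    print(demo())   # unauthenticated: two distinguishable outcomes; authenticated: one
```

The design point is the order of operations: the hardened decryptor never lets attacker-chosen bytes reach `unpad`, so there is no padding-dependent error and no padding-dependent timing to observe, regardless of how many encryption layers sit around the CBC layer.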
