[147210] in cryptography@c2.net mail archive
Re: [Cryptography] The paranoid approach to crypto-plumbing
daemon@ATHENA.MIT.EDU (John Kelsey)
Wed Sep 18 00:58:14 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <F3E5D809-8B03-4342-9298-0ED89ABA9E8D@gmail.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Wed, 18 Sep 2013 00:46:15 -0400
To: Sandy Harris <sandyinchina@gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
Arggh! Of course, this superencryption wouldn't help against the CBC padding attacks, because the attacker would learn plaintext without bothering with the other layers of encryption. The only way to solve that is to preprocess the plaintext in some way that takes the attacker's power to induce a timing difference or error message away.
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
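The point made above, worked through as an added example that is not from the original thread: an inner CBC layer with PKCS#7 padding sitting under an outer stream-cipher layer still exposes a distinguishable padding error when the outer ciphertext is modified, because the outer layer is malleable and passes the modification straight through to the inner one. The hardened variant below uses encrypt-then-MAC over the outermost ciphertext (a standard alternative to the plaintext preprocessing the message suggests, not the author's proposal) so that every modification produces the same error before anything is decrypted. The toy Feistel cipher, the HMAC-derived keystream, and all function and key names are constructed for illustration.

```python
import hashlib, hmac
BLOCK = 16
class PaddingError(Exception): pass   # the inner layer's distinguishable error: this is the oracle
class TamperError(Exception): pass    # one error for any modified ciphertext, raised before decrypting
_prf = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
_xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, encrypt):  # toy 4-round Feistel on 16-byte blocks (constructed; not a real cipher)
    l, r = (blk[:8], blk[8:]) if encrypt else (blk[8:], blk[:8])
    for i in (range(4) if encrypt else range(3, -1, -1)):
        l, r = r, _xor(l, _prf(key, bytes([i]) + r)[:8])
    return l + r if encrypt else r + l
def _cbc(key, iv, data, encrypt):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if encrypt:
            prev = _block(key, _xor(blk, prev), True); out += prev
        else:
            out += _xor(_block(key, blk, False), prev); prev = blk
    return out
def _pad(p):
    n = BLOCK - len(p) % BLOCK
    return p + bytes([n]) * n
def _unpad(p):  # PKCS#7 check; raising here on attacker-chosen input is what leaks
    n = p[-1]
    if not 1 <= n <= BLOCK or p[-n:] != bytes([n]) * n:
        raise PaddingError
    return p[:-n]
def _stream(key, data):  # outer layer: keystream XOR, so a flipped ciphertext bit passes straight through
    ks = b"".join(_prf(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return _xor(data, ks[:len(data)])
def layered_encrypt(k_in, k_out, iv, pt):  # inner CBC + PKCS#7, then the outer layer on top
    return _stream(k_out, _cbc(k_in, iv, _pad(pt), True))
def layered_decrypt(k_in, k_out, iv, ct):  # the superencryption the message says does not help
    return _unpad(_cbc(k_in, iv, _stream(k_out, ct), False))  # PaddingError escapes to the caller
def mac(k_mac, iv, ct):  # encrypt-then-MAC over the outermost ciphertext (the added fix)
    return _prf(k_mac, iv + ct)
def layered_decrypt_etm(k_in, k_out, k_mac, iv, ct, tag):
    if not hmac.compare_digest(mac(k_mac, iv, ct), tag):  # constant-time check before any decryption
        raise TamperError                                  # so _unpad never sees tampered data
    return layered_decrypt(k_in, k_out, iv, ct)
def observe(decrypt, ct, index, delta):  # defender's view: which error class one flipped byte yields
    t = bytearray(ct); t[index] ^= delta
    try:
        decrypt(bytes(t)); return "ok"
    except PaddingError: return "padding"
    except TamperError: return "tamper"
```

With a 28-byte message (four bytes of 0x04 padding), XORing 0x05 into byte 15 of the outer ciphertext turns the last padding byte into a valid 0x01 while 0xFF makes it invalid, so `observe` returns "ok" for one and "padding" for the other on the layered decryptor, but "tamper" for both on the encrypt-then-MAC decryptor.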