Re: new draft of my paper
At 10:11 PM 3/25/96 -0500, Steve Bellovin wrote:
>I normally wouldn't announce a new version of a draft paper this
>soon; however, David Wagner has found a fascinating new attack
>called the ``short block'' attack. It's described in Section 3.8.
>The attack can recover most user-to-host traffic on a large
>class of telnet sessions (though not all), using 2^8 known plaintext
>blocks and a simple active attack. This attack can be defeated if AH
>is used outside of ESP, protecting the integrity of the encrypted
>message (i.e., IP-AH-ESP-TCP is safe); using AH inside of ESP is not
>safe.
Excuse, please, my naivety, but to what extent would a compression before
encryption defeat known plaintext attacks? It would seem that compression
could eliminate all known plaintext unless the plaintext was so long a block
to always get compressed the same way.
Compression would help, but perhaps not that much -- there's still the
IP header, the compression dictionary, any incompressible sections, etc.
2^8 blocks isn't that much, and because of the way CBC works even repeated
plaintext like IP header addresses will be different each time.
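
An added illustration of the reply's point, not part of the original thread: it measures how much of a compressed stream stays predictable and checks that incompressible data passes through unchanged. It assumes zlib/DEFLATE as the compressor (the thread names none); the sample lines and helper names are constructed for this example.

```python
import hashlib
import zlib


def shared_prefix_len(blobs):
    """Count the leading bytes that are identical across every blob."""
    count = 0
    for column in zip(*blobs):
        if len(set(column)) > 1:
            break
        count += 1
    return count


def pseudo_random(n, seed=b"constructed-sample"):
    """Deterministic high-entropy bytes standing in for an incompressible section."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def survives_verbatim(payload):
    """True if the payload appears unchanged inside its own compressed form."""
    return payload in zlib.compress(payload)


# Constructed telnet-style lines: same protocol text, different user data.
SESSIONS = [b"login: alice\r\n", b"login: bob\r\n", b"login: carol\r\n"]


def predictable_compressed_bytes(messages=SESSIONS):
    """Leading compressed bytes an observer could predict without the user data."""
    return shared_prefix_len([zlib.compress(m) for m in messages])


if __name__ == "__main__":
    # The zlib header plus the encoding of the shared "login: " text is fixed.
    print("predictable leading bytes:", predictable_compressed_bytes())
    # High-entropy input is emitted as a stored block, i.e. as-is.
    print("incompressible data kept verbatim:", survives_verbatim(pseudo_random(1024)))
    # Highly repetitive input is genuinely transformed.
    print("repetitive data kept verbatim:", survives_verbatim(b"A" * 1024))
```

The predictable prefix covers the compressor's own header and the encoding of the shared protocol text, so whatever cipher follows still has known plaintext to work from.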