| ...Convergent encryption renders user files vulnerable to a | confirmation-of-a-file attack. We already knew that. It also | renders user files vulnerable to a learn-partial-information | attack in subtle ways. We didn't think of this until now. My | search of the literature suggests that nobody else did either. The way "obvious in retrospect" applies here: The vulnerability is closely related to the power of probable plaintext attacks against systems that are thought to be vulnerable only to known plaintext attacks. The general principle that needs to be applied is: In any cryptographic setting, if knowing the plaintext is sufficient to get some information out of the system, then it will also be possible to get information out of the system by guessing plaintext - and one must assume that there will be cases where such guessing is "easy enough".
-- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]