| > They extended the confirmation-of-a-file attack into the
| > learn-partial-information attack. In this new attack, the
| > attacker learns some information from the file. This is done by
| > trying possible values for unknown parts of a file and then
| > checking whether the result matches the observed ciphertext.
|
| How is this conceptually different from classic dictionary attacks,
| and why does e.g. running the file through PBKDF2 and using the result
| for convergence not address your concern(s)?
How would that help?
Both the ability of convergent encryption to eliminate duplicates,
and this attack, depend on there being a deterministic algorithm
that computes a key from the file contents. Sure, if you use a
different salt for each file, the attack goes away - but so does
the de-duplication. If you don't care about de-duplication, there
are simpler, cheaper ways to choose a key.
-- Jerry
| --
| Ivan Krsti? <[EMAIL PROTECTED]> | http://radian.org
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
|
|
