"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:
> I'm struck by the similarity of this attack to Matt Blaze's master key
> paper. In each case, you're guessing at one position at a time, and
> using the response of the security system as an oracle. What's crucial
> in both cases is the one-at-a-time aspect -- that's what makes the
> attack linear instead of exponential.
Indeed.
And of course, both attacks resemble the old password guessing
attack on character by character passwords where you time how
long password verification takes. (The details are pretty
hazy but ISTR that you arranged for the password to cross
a page boundary to increase the time discrimination).
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
