SMB writes: > I'm struck by the similarity of this attack to Matt Blaze's master key > paper. In each case, you're guessing at one position at a time, and > using the response of the security system as an oracle. What's crucial > in both cases is the one-at-a-time aspect -- that's what makes the > attack linear instead of exponential.
There's nothing new under the sun; both attacks are more similar than not to the classic Tenex page-alignment character-at-a-time password guessing attack. Speaking of which, does anyone have a good PRIMARY reference to that I've been trying to track one down for the print version of my lock paper, and all I can find is either secondary references (like countless OS textbooks and random computer security papers) or papers that you'd think would have the attack but turn out no to (like the recent Multics retrospective paper). Where did the Tenex attack first appear? -matt --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]