On Thu, 12 Oct 2006 16:50:13 -0400 (EDT), "Leichter, Jerry"
<[EMAIL PROTECTED]> wrote:

> This suggests that,
> rather than looking for weak keys as such, it might be worth it to
> do "continuous online testing":  Compute the entropy of the generated
> ciphertext, and its correlation with the plaintext, and sound an
> alarm if what you're getting looks "wrong".  This might be a
> worthwhile thing to have, not just for detecting weak keys, but
> to detect all kinds of software and hardware failures.  Since it's
> outside of the actual encryption datapath, a bug either fails to
> sound an alarm when it should - leaving you where you were without
> this new check - or sounds a false alarm, which unless it occurs
> too often, shouldn't be such a big deal.
> 
This is a very interesting suggestion, but I suspect people need to be
cautious about false positives.  MP3 and JPG files will, I think, have
similar entropy statistics to encrypted files; so will many compressed
files.

For a more substantive, less hand-wavey analysis, see
http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf
which has actual file system entropy measurements. 


                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to