| > They extended the confirmation-of-a-file attack into the
| > learn-partial-information attack. In this new attack, the
| > attacker learns some information from the file. This is done by
| > trying possible values for unknown parts of a file and then
| > checking whether the result matches the observed ciphertext.
|
| How is this conceptually different from classic dictionary attacks,
| and why does e.g. running the file through PBKDF2 and using the result
| for convergence not address your concern(s)? How would that help?
Both the ability of convergent encryption to eliminate duplicates, and this attack, depend on there being a deterministic algorithm that computes a key from the file contents. Sure, if you use a different salt for each file, the attack goes away - but so does the de-duplication. If you don't care about de-duplication, there are simpler, cheaper ways to choose a key.

-- Jerry

| --
| Ivan Krstić <[EMAIL PROTECTED]>
| http://radian.org
|
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
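An added illustration of the point made in the thread (not code from either poster): with a key derived deterministically from the file contents, ciphertext equality is exactly what makes de-duplication work, and the same equality test lets anyone holding a ciphertext confirm a guessed plaintext or a guessed value for an unknown field; a per-file salt removes both. The stream cipher here is a constructed SHA-256 counter-mode stand-in for a real cipher, used only so the example runs with the standard library.

```python
import hashlib
import os

def convergent_key(content: bytes) -> bytes:
    """Key depends only on the plaintext (the convergent-encryption property)."""
    return hashlib.sha256(content).digest()

def salted_key(content: bytes, salt: bytes) -> bytes:
    """Key depends on a per-file random salt as well, so equal files get different keys."""
    return hashlib.sha256(salt + content).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for a real cipher: XOR with SHA-256(key || counter) blocks. Not for production."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_convergent(content: bytes) -> bytes:
    return keystream_xor(convergent_key(content), content)

def encrypt_salted(content: bytes, salt: bytes) -> bytes:
    # Salt is stored with the ciphertext so the owner can rebuild the key.
    return salt + keystream_xor(salted_key(content, salt), content)

def dedup_possible(ct_a: bytes, ct_b: bytes) -> bool:
    """A storage provider de-duplicates by comparing ciphertexts; equality is all it needs."""
    return ct_a == ct_b

def guess_confirmed(candidate: bytes, observed_ct: bytes) -> bool:
    """The confirmation-of-a-file check: the same equality test, run by whoever holds the ciphertext."""
    return encrypt_convergent(candidate) == observed_ct

def recover_field(template: bytes, candidates, observed_ct: bytes):
    """Learn-partial-information: try each value for the unknown part of a known template."""
    for value in candidates:
        if guess_confirmed(template.replace(b"{FIELD}", value), observed_ct):
            return value
    return None
```

Because `encrypt_salted` uses a fresh salt per file, two uploads of the same document no longer compare equal, which is the de-duplication loss the reply describes.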