On 30/01/13 06:40 AM, Thor Lancelot Simon wrote:
...despite all the attacks we've seen on compresion-before-encryption, and all
the timing
atatacks we've seen on encryption, and the highly data-dependent computational
effort
associated with compression (including in widespread, hardware-accelerated, and
valuable
applications like lossy video compression, where the complexity of the input,
even in
applications where hardware escrow of some kind hides a session key, is exposed
by the
encoding of the output)...
..we haven't really seen any known-plaintext key recovery attacks facilitated
by timing
analysis of compressors applied prior to encryption?
My immediate reaction is that if you can do a chosen plaintext key
recovery attack, you don't need the assistance of compression timing?
And, if you're trying to just resort to a plaintext recovery, this is a
very high burden because you have to work with one message worth of
data, and all you get is .. one message worth of plaintext.
But it's a nice puzzle.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
