On 10 Aug 2013, at 18:14, "Steinar H. Gunderson" <[email protected]> wrote:
> On Sat, Aug 10, 2013 at 06:11:09PM +0200, Dirk-Willem van Gulik wrote: >> I'd keep in mind that compression is simply an amplifier for this type of >> attack. It makes the approach more effective. But it is not essential; when >> you have in essence a largely known plaintext surrounding a short secret >> and an oracle. And the latter is not going to go away - current dominant >> site development models will make this worse; as do current operational >> models w.r.t. to picking such up early. > > Wait, what's the oracle if there's no compression? As as ultimately before - the origin server (and/or the traffic you compare it to). Granted - doing this raw is not that feasible for large key lengths - but even some slight weakness elsewhere (could be as silly as a render/timing change in the browser) will help. Dw.
