On Sun, May 06, 2001 at 11:24:15AM +0100, Adam Langley wrote:
> On Sun, May 06, 2001 at 04:26:12AM -0400, Tavin Cole wrote:
>
> > > The document is encrypted and interleaved with the progressive hash
> > > control bytes. Its length must be a power of 2 _prior_ to the addition
> > > of the control bytes.
>
> Since we're on the subject - can we dump the control bytes? A chunk
> system:
> * Send 2 bytes of length of incoming data or 0 to signal
> CB_RESTARTED
> * Send that many bytes of data
>
> Makes the checkering and stripping code simpler and so means that
> nodes don't have to pad to the end of a block when something goes
> wrong. All in all it would just be neater design unless someone has a
> great reason for control bytes which I'm missing.
Hrm. I suppose that makes sense but gah, the amount of code to rewrite
in Fred would be pretty unpleasant. It would certainly delay getting
0.4 out.. :(
> > Doh! Since we're padding the document out to a power of 2 (presumably
> > with zeroes ??)
>
> Zeros is reasonable since the padding is pre-encryption. But it does
> give a known-plaintext attack. Since the padding is discarded it's
> up to the client to decide what to pad with - but I'd suggest something
> at least slightly random.
Well, I think the only other way to go is to repeat some function
of the data, if we want to get our CHK collisions..
--
# tavin cole
#
# "The process of scientific discovery is, in effect,
# a continual flight from wonder."
# - Albert Einstein
_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl
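The two designs discussed in this thread, as an added worked example that is not part of the original messages and not Freenet's own code: the length-prefixed chunk system Adam proposes (a 2-byte length followed by that many bytes, with a length of 0 standing in for CB_RESTARTED) and the power-of-two padding question, contrasting zero padding (a known-plaintext tail), random padding (which makes the same document hash to different CHKs), and a deterministic pad derived from the data as Tavin suggests. Assumptions made here: the length is big-endian, the pad is generated from SHA-256 of the document (a hash chosen for illustration, not the thread's), the content key is likewise a SHA-256 of the padded blob, and the receiver learns the unpadded length by some separate means so it can strip the pad.

```python
import hashlib
import secrets
import struct

CB_RESTARTED = 0   # a zero length header signals "restart" (as in the thread)
MAX_CHUNK = 0xFFFF  # largest payload a 2-byte length can describe


def encode_chunks(data: bytes, chunk_size: int = 4096) -> bytes:
    """Frame data as [2-byte big-endian length][payload] records."""
    if not 1 <= chunk_size <= MAX_CHUNK:
        raise ValueError("chunk size must be a non-zero 16-bit value")
    out = bytearray()
    for i in range(0, len(data), chunk_size):
        payload = data[i:i + chunk_size]
        out += struct.pack(">H", len(payload)) + payload
    return bytes(out)


def restart_marker() -> bytes:
    """The 0-length record that tells the receiver to discard what it has."""
    return struct.pack(">H", CB_RESTARTED)


def decode_chunks(stream: bytes):
    """Yield ("restart", b"") or ("data", payload); refuse truncated input."""
    pos = 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack_from(">H", stream, pos)
        pos += 2
        if length == CB_RESTARTED:
            yield ("restart", b"")
            continue
        if pos + length > len(stream):
            raise ValueError("truncated chunk payload")
        yield ("data", stream[pos:pos + length])
        pos += length


def reassemble(stream: bytes) -> bytes:
    """Concatenate data chunks; a restart marker throws away the partial document."""
    buf = bytearray()
    for kind, payload in decode_chunks(stream):
        if kind == "restart":
            buf.clear()
        else:
            buf += payload
    return bytes(buf)


def next_power_of_two(n: int) -> int:
    """Smallest power of two that is >= n (1 for n <= 1)."""
    p = 1
    while p < n:
        p <<= 1
    return p


def pad_zero(data: bytes) -> bytes:
    """Zero padding: simple, but the tail of the plaintext is then known."""
    return data + b"\x00" * (next_power_of_two(len(data)) - len(data))


def pad_random(data: bytes) -> bytes:
    """Random padding: no known plaintext, but identical documents no longer
    produce identical padded blobs, so their content hashes differ."""
    return data + secrets.token_bytes(next_power_of_two(len(data)) - len(data))


def pad_from_data(data: bytes) -> bytes:
    """Deterministic pad derived from the data (assumed construction: SHA-256
    of the document as a seed, expanded in counter mode). Same document,
    same pad, same content hash; and the tail is not a fixed known value."""
    need = next_power_of_two(len(data)) - len(data)
    seed = hashlib.sha256(data).digest()
    pad = bytearray()
    counter = 0
    while len(pad) < need:
        pad += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return data + bytes(pad[:need])


def content_key(padded: bytes) -> str:
    """Stand-in for a CHK: hash of the padded blob (SHA-256 assumed here)."""
    return hashlib.sha256(padded).hexdigest()


if __name__ == "__main__":
    doc = b"constructed sample document"   # constructed input
    wire = encode_chunks(doc, 8)
    print(reassemble(wire) == doc)
    print(content_key(pad_from_data(doc)) == content_key(pad_from_data(doc)))
    print(content_key(pad_random(doc)) == content_key(pad_random(doc)))
```

The restart handling is what makes the chunk framing attractive: a sender that hits an error mid-document emits a single 0-length header instead of padding out to a block boundary, and the receiver's state machine is two branches. The padding comparison makes Tavin's point concrete: a pad that is a function of the data keeps two uploads of the same document on the same content key, which per-upload randomness cannot do.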