On 9/15/2015 12:57 PM, Leyne, Sean wrote:
>
>> None of these suggest that there is an attack -- read the comments.
> They refer to a possible attack and provide links to other sites. One of the
> sites has a link to the following:
>
> http://www.iacr.org/archive/eurocrypt2002/23320530/cbc02_e02d.pdf
>
> which (at least to my scanned reading) suggests that there is a vulnerability to
> CBC mode ciphers...
>
No, it's actually about the pitfalls of padding when using CBC. Ciphertext stealing (CTS) is an alternative to padding. The argument against CTS is that in some applications it may make message traffic analysis possible because it exposes the length of the encrypted message. That and $2.00 will get you a cup of coffee at Starbucks.

We all know about an infinite number of monkeys recreating Shakespeare. A real-life analog is the number of junior academics trying to get published with pinpricks in solid technology. Much of it boils down to the quite uninteresting fact that if you corrupt the ciphertext, you corrupt the decrypted text as well. Well, duh.

The article you referenced assumes an oracle to which you can submit artificial "ciphertext" and it will tell you whether it conforms to a known format after decryption. Enough probes on a packet with known padding and you might learn something. Well, duh.

But none of this is about streams on a virtual circuit, e.g. TCP, with running stream or CBC ciphers. If you have an environment like UDP where somebody could slip you a bogus packet, then you need signed messages, but that's not the issue here.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
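The padding-versus-CTS trade-off discussed in the reply, as an added example that is not part of the thread or of Firebird: PKCS#7-padded CBC beside ciphertext stealing (CBC-CS3), showing where the padding check sits, that a corrupted ciphertext block corrupts the decrypted text, and that CTS output is exactly as long as the message. The 16-byte block cipher is a constructed toy Feistel permutation over SHA-256 standing in for AES; every function name and the fixed key/IV are assumptions of this example.

```python
# Added example, not from the mailing-list thread. The block cipher below is a
# constructed toy (8-round Feistel over SHA-256) so the script runs offline;
# it is NOT secure and only stands in for a real 16-byte block cipher like AES.
import hashlib

BS = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(k, b, rounds):                        # toy 16-byte block permutation
    l, r = b[:8], b[8:]
    for i in rounds:
        l, r = r, xor(l, hashlib.sha256(k + bytes([i]) + r).digest()[:8])
    return r + l
def enc_block(k, b): return _feistel(k, b, range(8))
def dec_block(k, b): return _feistel(k, b, reversed(range(8)))

def pad(m):                                        # PKCS#7: always adds 1..BS bytes
    n = BS - len(m) % BS
    return m + bytes([n]) * n
def unpad(p):
    n = p[-1]
    if not 1 <= n <= BS or p[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")            # the signal a padding oracle leaks
    return p[:-n]

def cbc_encrypt(k, iv, m):                         # len(m) must be a multiple of BS
    out, prev = [], iv
    for i in range(0, len(m), BS):
        prev = enc_block(k, xor(m[i:i + BS], prev))
        out.append(prev)
    return b"".join(out)
def cbc_decrypt(k, iv, c):
    blocks = [c[i:i + BS] for i in range(0, len(c), BS)]
    return b"".join(xor(dec_block(k, b), p) for p, b in zip([iv] + blocks, blocks))

def cts_encrypt(k, iv, m):                         # CBC-CS3; requires len(m) > BS
    d = len(m) % BS or BS                          # size of the final (partial) block
    c = cbc_encrypt(k, iv, m[:-d])                 # all the full blocks
    last = enc_block(k, xor(m[-d:] + bytes(BS - d), c[-BS:]))
    return c[:-BS] + last + c[-BS:][:d]            # swap last two, truncate C_{n-1}
def cts_decrypt(k, iv, c):
    d = len(c) % BS or BS
    x, tail = dec_block(k, c[-d - BS:-d]), c[-d:]  # x = C_{n-1} xor (P_n || zeros)
    cprev = tail + x[d:]                           # rebuild the full C_{n-1}
    return cbc_decrypt(k, iv, c[:-d - BS] + cprev) + xor(x[:d], tail)

def ciphertext_lengths(m):
    """Ciphertext sizes for one message: (padded CBC, CTS). Constructed key/IV."""
    k, iv = bytes(BS), bytes(range(BS))
    return len(cbc_encrypt(k, iv, pad(m))), len(cts_encrypt(k, iv, m))
```

A 20-byte message yields 32 bytes under padded CBC but exactly 20 under CTS, which is the length exposure the reply refers to.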