On 11/15/2015 7:55 AM, Alex Peshkoff wrote:
> Presence of one surely known plain-text and corresponding encrypted
> text will be of great help to the potential attackers in such a case.

Really? Why do you think it would be a "great help"? What useful information is leaked? And how would a miscreant know a full cipherblock of header info?

I think what you're referring to is called a "chosen plaintext" attack that presumes the existence of an "oracle" (as in "evil") that the attacker can submit arbitrary texts for encryption hoping to deduce something about the key. Having a few instances of plaintext cryptotext pairs would be sufficient to break with ZLib or LZW, but I doubt there is a cryptosystem on the planet that is so pathetic that a handful of known encryptions would be of any use.

But back to practical matters, if the guy has the key to decrypt the headers, it's done. He's in. There's nothing more to do except moan.

> Maybe we should better use something not so straightforward -
> moreover, I'm afraid that presence of this known pair will not help
> some people to use good algorithm, they will just cry: "firebird is
> vulnerable to such simple attacks". Seriously - there are a lot of
> other ways to validate a key. We may store a hash of that key in the
> header. After getting a key server calculates a hash and compares it
> with one in the header. If they match this is enough protection from
> wrong keys.
>> , so the architecture should be capable of phasing in new
>> algorithms, but I don't quite see the point of designing for poor
>> algorithms.
>>
> Possible point is to try to minimize troubles in a case when good
> algorithm becomes poor.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
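
The key check suggested in the quoted text (store a hash of the key in the header, recompute it from the supplied key and compare), as an added example that is not part of the original message or of Firebird's code. The header layout, `MAGIC`, `LABEL` and the function names are assumptions, and HMAC-SHA256 over a per-database salt stands in for the plain hash mentioned in the thread.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical header layout (an assumption, not Firebird's on-disk format):
# 4-byte magic, 16-byte random salt, 32-byte key check value.
MAGIC = b"EDB1"
HEADER = struct.Struct("<4s16s32s")
LABEL = b"key-check-v1"  # domain separation: this value is used only for key checking


def key_check_value(key: bytes, salt: bytes) -> bytes:
    """One-way value derived from the key; the data cipher is not involved."""
    return hmac.new(key, LABEL + salt, hashlib.sha256).digest()


def build_header(key: bytes) -> bytes:
    """Create a header that lets the server recognise the right key later."""
    salt = os.urandom(16)  # per-database salt, so equal keys give different headers
    return HEADER.pack(MAGIC, salt, key_check_value(key, salt))


def key_matches(header: bytes, candidate: bytes) -> bool:
    """Return True only if candidate is the key the header was built with."""
    if len(header) != HEADER.size:
        return False
    magic, salt, stored = HEADER.unpack(header)
    if magic != MAGIC:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, key_check_value(candidate, salt))


if __name__ == "__main__":
    right = os.urandom(32)  # constructed sample keys
    wrong = os.urandom(32)
    hdr = build_header(right)
    print("right key accepted:", key_matches(hdr, right))
    print("wrong key accepted:", key_matches(hdr, wrong))
```

Any stored verifier lets someone holding the header test candidate keys offline, so this assumes a high-entropy random key rather than a raw password.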