That is a valid consideration Doron, which brings the discussion back to the difference between encrypton and security. I believe that security is an end application responsability, not Lucene's. For instance, is it possible to write the end application so that those stats are hidden from or inaccessible to users? Victor
Doron Cohen wrote: > > Robert Engels <[EMAIL PROTECTED]> wrote on 01/12/2006 09:34:12: >> ... decrypting such small payloads .. I think it is also subject to an > easy attack, > > In addition, index statistics are still available, right? So one can know > how many docs, which (encrypted) words appear in which docs and exactly > where, and how often. AFAIK, with a large enough index these statistics > can be useful for cracking the encryption. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Attached-proposed-modifications-to-Lucene-2.0-to-support-Field.Store.Encrypted-tf2727614.html#a7646459 Sent from the Lucene - Java Developer mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
