On Aug 13, 2013, at 19:50, Aria Stewart wrote: > It’s a systemic flaw in the way that compression interacts with encryption. > The best ways to defeat it are to make your compression unpredictable to an > order of magnitude that outstrips the ability to guess what the content is by > how it’s compressed given enough tries. > > It’s hard to fix statistical attacks without letting the details leak into > the layers above. In this case, adding random data in certain places in the > stream is what’s needed — but that means altering the content, it’s not a > simple transform that can be done at low layers.
Yeah, that sounds like it's going way over my head. What is the vulnerability? that compressed data transmitted over SSL can be intercepted by third-parties? but that uncompressed data cannot be? -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
