Re: handling weak keys using random selection and CSPRNGs

2006-10-16 Thread Marcos el Ruptor
Now, you said compressed files and you might not have meant pictures, but note that L-Z style compressed files don't really have much in the way of headers. If the headers were a problem, you'd expect longer files to bury any deviation in the noise, but it doesn't. The longer the files I test the

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Leichter, Jerry
| Given how rare weak keys are in modern ciphers, I assert that code to cope with them occurring by chance will never be adequately tested, and will be more likely to have security bugs. In short, why bother?
Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Steven M. Bellovin
On Thu, 12 Oct 2006 16:50:13 -0400 (EDT), Leichter, Jerry [EMAIL PROTECTED] wrote: This suggests that, rather than looking for weak keys as such, it might be worth it to do continuous online testing: Compute the entropy of the generated ciphertext, and its correlation with the plaintext, and

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Leichter, Jerry
| This suggests that, rather than looking for weak keys as such, it might be worth it to do continuous online testing: Compute the entropy of the generated ciphertext, and its correlation with the plaintext, and sound an alarm if what you're getting looks wrong. This might be a

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Travis H.
On 10/12/06, Leichter, Jerry [EMAIL PROTECTED] wrote: Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond simply trying them - but that can be done with *any* small set of keys)? Yes, generally, that's the definition of a weak key. But that's an odd attack to

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Perry E. Metzger
Travis H. [EMAIL PROTECTED] writes: On 10/12/06, Leichter, Jerry [EMAIL PROTECTED] wrote: Beyond that: Are weak keys even detectable using a ciphertext-only attack (beyond simply trying them - but that can be done with *any* small set of keys)? Yes, generally, that's the definition of a

Re: handling weak keys using random selection and CSPRNGs

2006-10-13 Thread Greg Rose
At 17:05 -0400 2006/10/12, Steven M. Bellovin wrote: This is a very interesting suggestion, but I suspect people need to be cautious about false positives. MP3 and JPG files will, I think, have similar entropy statistics to encrypted files; so will many compressed files. Actually, no. I have

Re: handling weak keys using random selection and CSPRNGs

2006-10-12 Thread Steven M. Bellovin
Given how rare weak keys are in modern ciphers, I assert that code to cope with them occurring by chance will never be adequately tested, and will be more likely to have security bugs. In short, why bother?

handling weak keys using random selection and CSPRNGs

2006-10-10 Thread Travis H.
Hi all, It occurred to me that there is a half-decent way to avoid weak keys in algorithms when it is undesirable or impossible to prompt the user for a different passphrase. It is even field-upgradable if new weak keys are found. Basically, instead of using the hash of the passphrase up front,