[
Lists Home |
Date Index |
Thread Index
]
On Thu, 2002-05-30 at 18:46, Mike Champion wrote:
> I don't know much about encryption, but from reading about
> cryptanalysis in WWWII it would appear that having a "crib"
> (a bit of known plaintext) is a useful shortcut to breaking a cipher.
> The tags in an XML message are likely to be known (or easily
> guessable) by an attacker. So, a straightforward encryption of
> an entire XML message might be considerably less secure than
> an encryption of a non-self-describing message.
I wonder if you could turn that to your advantage by encrypting
[element] content using different mechanisms on a per-element basis, and
leaving the structure in plaintext. That would leave attackers with a
skeleton but only small bits of content to analyze.
Dunno. It likely depends on the algorithm used as well as the level of
repetition in the content, and attributes are a problem as usual.
--
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com
|
