OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back!It's

[ Lists Home | Date Index | Thread Index ]

On Thu, 2002-05-30 at 18:46, Mike Champion wrote:
> I don't know much about encryption, but from reading about
> cryptanalysis in WWWII it would appear that having a "crib"
> (a bit of known plaintext) is a useful shortcut to breaking a cipher.
> The tags in an XML message are likely to be known (or easily
> guessable) by an attacker.  So, a straightforward encryption of
> an entire XML message might be considerably less secure than
> an encryption of a non-self-describing message.  

I wonder if you could turn that to your advantage by encrypting
[element] content using different mechanisms on a per-element basis, and
leaving the structure in plaintext.  That would leave attackers with a
skeleton but only small bits of content to analyze.

Dunno.  It likely depends on the algorithm used as well as the level of
repetition in the content, and attributes are a problem as usual.

Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS