Lists Home |
Date Index |
> 5/30/2002 6:05:50 PM, "Bullard, Claude L (Len)" <firstname.lastname@example.org> wrote:
> >Someone who understands encryption would have to answer that.
> >The article is not that informative but it is an interesting
> I don't know much about encryption, but from reading about
> cryptanalysis in WWWII it would appear that having a "crib"
> (a bit of known plaintext) is a useful shortcut to breaking a cipher.
> The tags in an XML message are likely to be known (or easily
> guessable) by an attacker. So, a straightforward encryption of
> an entire XML message might be considerably less secure than
> an encryption of a non-self-describing message.
I'm no crypto honcho either, but from my lay understanding, modern cryptographically strong hashing renders such approaches pretty much useless. Knowing that the phrase "hello" appears somewhere in the plaintext has such an infinitesimal effect on the search space these days that you'd be better off dumpster diving. Knowing all the XML tags used in the plaintext would also provide but infinitesimal advantage.
As your reading illustrates, this wasn't always the case: SHA and MD5 are recent inventions.
Now I'll shut up and wait for the crypto wizards to wake up and disabuse us all of our innumerate notions.
Uche Ogbuji Fourthought, Inc.
http://uche.ogbuji.net http://4Suite.org http://fourthought.com
Track chair, XML/Web Services One (San Jose, Boston): http://www.xmlconference.com/
DAML Reference - http://www.xml.com/pub/a/2002/05/01/damlref.html
The Languages of the Semantic Web - http://www.newarchitectmag.com/documents/s=2453/new1020218556549/index.html
XML, The Model Driven Architecture, and RDF @ XML Europe - http://www.xmleurope.com/2002/kttrack.asp#themodel