[
Lists Home |
Date Index |
Thread Index
]
On Friday 31 May 2002 00:06, you wrote:
> I wonder if you could turn that to your advantage by encrypting
> [element] content using different mechanisms on a per-element basis, and
> leaving the structure in plaintext. That would leave attackers with a
> skeleton but only small bits of content to analyze.
Heh. How much information is in the structure? Quite a lot, and potentially
useful to an attacker... imagine finding the following travelling between a
dialup account traceable to you and a porn site:
<purchase>
<deliver-to>XXXXXXXXXXXXXXXXXXX</deliver-to>
<items>
<item code="XXXXX" qty="XXXXX" />
<item code="XXXXX" qty="XXXXX" />
<item code="XXXXX" qty="XXXXX" />
<item code="XXXXX" qty="XXXXX" />
</items>
</purchase>
Just encrypt the lot, with a couple of safeguards against cribbing as I
suggested - adding randomness helps :-)
Pick 16 or more bytes of randomness and stick them at the beginning of the
file, then store the gzipped XML after it, optinally XORing a copy of those
16 bytes into the start (and end?) of the gzipped stream to obfuscate any
constants to be found in headers and footers...
> Dunno. It likely depends on the algorithm used as well as the level of
> repetition in the content, and attributes are a problem as usual.
Yes.
ABS
|
