OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: RE: [xml-dev] The sky is falling! XML's dirty secret! Go back! It's

[ Lists Home | Date Index | Thread Index ]

On Friday 31 May 2002 00:06, you wrote:

> I wonder if you could turn that to your advantage by encrypting
> [element] content using different mechanisms on a per-element basis, and
> leaving the structure in plaintext.  That would leave attackers with a
> skeleton but only small bits of content to analyze.

Heh. How much information is in the structure? Quite a lot, and potentially 
useful to an attacker... imagine finding the following travelling between a 
dialup account traceable to you and a porn site:

  <item code="XXXXX" qty="XXXXX" />
  <item code="XXXXX" qty="XXXXX" />
  <item code="XXXXX" qty="XXXXX" />
  <item code="XXXXX" qty="XXXXX" />

Just encrypt the lot, with a couple of safeguards against cribbing as I 
suggested - adding randomness helps :-)

Pick 16 or more bytes of randomness and stick them at the beginning of the 
file, then store the gzipped XML after it, optinally XORing a copy of those 
16 bytes into the start (and end?) of the gzipped stream to obfuscate any 
constants to be found in headers and footers...

> Dunno.  It likely depends on the algorithm used as well as the level of
> repetition in the content, and attributes are a problem as usual.




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS