  • To: xml-dev@lists.xml.org
  • Subject: Re: [xml-dev] The sky is falling! XML's dirty secret! Go back!It's a trap!
  • From: Paul Prescod <paul@prescod.net>
  • Date: Sun, 02 Jun 2002 12:38:23 -0700
  • References: <EDOIJIGA51TRTS8761HFHBVSJFCNMG.3cf6abb5@MChamp>

Mike Champion wrote:
> 
>...
> 
> I don't know much about encryption, but from reading about
> cryptanalysis in WWII it would appear that having a "crib"
> (a bit of known plaintext) is a useful shortcut to breaking a cipher.
> The tags in an XML message are likely to be known (or easily
> guessable) by an attacker.  So, a straightforward encryption of
> an entire XML message might be considerably less secure than
> an encryption of a non-self-describing message.

But "non-self-describing" is not the same as "unpredictable".
/etc/passwd is not self-describing. (you have to use "man" to figure out
what the columns mean). But it is very predictable. More so than XML,
because it has no notion of comments, etc.

But anyhow, if modern cryptography depended on data being unpredictable
we would all be in a lot of trouble. The HTTP traffic going to a
credit-card accepting site is totally predictable. And any consumer can
generate a "sample document". I don't see how network data can be made
unpredictable and yet computer parsable. 

IANACryptanalyst but I know that we are much better at encryption than
we were in WWII. Consider:

"  A standard cryptanalytic attack is to know some plaintext matching a
  given piece of ciphertext and try to determine the key which maps one
  to the other.  This plaintext can be known because it is standard (a
  standard greeting, a known header or trailer, ...) or because it is
  guessed.  If text is guessed to be in a message, its position is probably
  not known, but a message is usually short enough that the cryptanalyst
  can assume the known plaintext is in each possible position and do
  attacks for each case in parallel.  In this case, the known plaintext can
  be something so common that it is almost guaranteed to be in a message.

  A strong encryption algorithm will be unbreakable not only under known
  plaintext (assuming the enemy knows all the plaintext for a given
  ciphertext) but also under "adaptive chosen plaintext" -- an attack
  making life much easier for the cryptanalyst.  In this attack, the enemy
  gets to choose what plaintext to use and gets to do this over and over,
  choosing the plaintext for round N+1 only after analyzing the result of
  round N.

  For example, as far as we know, DES is reasonably strong even under an
  adaptive chosen plaintext attack (the attack Biham and Shamir used).  Of
  course, we do not have access to the secrets of government cryptanalytic
  services.  Still, it is the working assumption that DES is reasonably
  strong under known plaintext and triple-DES is very strong under all
  attacks."

 * http://www.faqs.org/faqs/cryptography-faq/part03/

 Paul Prescod
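
The "known plaintext in each possible position" attack from the FAQ excerpt, as an added example that is not part of the original message: a deliberately weak repeating-key XOR cipher (a stand-in chosen for illustration, not a cipher discussed in the thread) gives up its key to a guessed XML closing tag tried at every offset. The key, the sample document and all function names are constructed for the example; resisting exactly this is the minimum bar the excerpt sets for a strong algorithm.

```python
import string

PRINTABLE = set(string.printable.encode())

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR; encrypting and decrypting are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def key_from_crib(ciphertext: bytes, crib: bytes, pos: int, keylen: int):
    """Key implied by `crib` sitting at offset `pos`, or None if impossible."""
    key = [None] * keylen
    for i, p in enumerate(crib):
        slot = (pos + i) % keylen
        k = ciphertext[pos + i] ^ p
        if key[slot] not in (None, k):
            return None  # two crib bytes disagree about the same key byte
        key[slot] = k
    return bytes(key) if None not in key else None

def crib_drag(ciphertext: bytes, crib: bytes, max_keylen: int = 16):
    """Assume the crib at every offset and key length; keep plausible keys.

    A candidate is plausible when the whole message decrypts to printable
    text. The crib must be at least as long as the key to pin every byte.
    """
    hits = []
    for keylen in range(1, min(max_keylen, len(crib)) + 1):
        for pos in range(len(ciphertext) - len(crib) + 1):
            key = key_from_crib(ciphertext, crib, pos, keylen)
            if key is not None and all(
                b in PRINTABLE for b in xor_cipher(ciphertext, key)
            ):
                hits.append((pos, key))
    return hits

# Constructed sample data: a secret key and a predictable XML document.
KEY = bytes([0x13, 0x9A, 0x5C, 0xE7, 0x42])
PLAINTEXT = (b'<?xml version="1.0"?>\n'
             b"<order><item>widget</item><amount>42.00</amount></order>\n")
CIPHERTEXT = xor_cipher(PLAINTEXT, KEY)

if __name__ == "__main__":
    # The analyst knows only the ciphertext and guesses a likely tag.
    for pos, key in crib_drag(CIPHERTEXT, b"</order>"):
        print(pos, key.hex(), xor_cipher(CIPHERTEXT, key)[:21])
```
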




 


Copyright 2001 XML.org. This site is hosted by OASIS