[Top] [All Lists]

Re: Anybody know details about Schneier's "flaw"?

2002-08-14 09:34:26

I think it's got too many odd things in it to require compression.
Basically it's a "if you let yourself get social engineered then
your crypto can be used against you" attack.

At 10:50 AM 8/14/2002 -0400, Derek Atkins wrote:

john(_dot_)dlugosz(_at_)kodak(_dot_)com writes:

> Does anybody know more about this?  Can a minor improvement to the new
> -bis draft fix it?

a) this only works if you do NOT compress your messages before you encrypt.
b) this only works if you do NOT sign the message AND you do NOT use an MDC

> --John