ietf-openpgp

Re: Anybody know details about Schneier's "flaw"?

2002-08-15 17:52:23

my point was, requiring implementors to do compression sucks,
in my opinion.  this attack is insufficient justification.

the attack is a social engineering attack.  forcing implementors
to add onerous code to defend against it is not a good idea.

At 12:51 PM 8/14/2002 -0400, Derek Atkins wrote:

Rodney Thayer <rodney(_at_)tillerman(_dot_)to> writes:

> I think it's got too many odd things in it to require compression.

Indeed.. As I said (perhaps incoherently), the attack only works if
you DO NOT compress.  If you compress the message then there is no way
to XOR against the message.
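
The XOR point in the quoted reply, as an added example that is not part of the original thread: a toy SHA-256 keystream cipher (an assumption, standing in for the XOR step of a real cipher mode, not OpenPGP's CFB) shows a ciphertext XOR carrying straight through to uncompressed plaintext, while the same XOR applied to compressed data breaks zlib decoding. The key, message and function names are constructed for the illustration.

```python
import hashlib
import zlib

def keystream(key: bytes, n: int) -> bytes:
    """Toy SHA-256 counter keystream (assumption: stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes, compress: bool) -> bytes:
    body = zlib.compress(plaintext) if compress else plaintext
    return xor(body, keystream(key, len(body)))

def decrypt(key: bytes, ciphertext: bytes, compress: bool) -> bytes:
    body = xor(ciphertext, keystream(key, len(ciphertext)))
    # zlib.decompress raises zlib.error on a corrupt stream or Adler-32 mismatch
    return zlib.decompress(body) if compress else body

def tamper(ciphertext: bytes, offset: int, delta: bytes) -> bytes:
    """XOR delta into the ciphertext at offset; no key is involved."""
    patched = bytearray(ciphertext)
    for i, d in enumerate(delta):
        patched[offset + i] ^= d
    return bytes(patched)

def demo():
    key = b"constructed demo key"
    msg = b"constructed sample message: transfer 100 units"
    delta = xor(b"100", b"900")          # difference between old and new text
    offset = msg.index(b"100")

    # Uncompressed: the XOR lands on the plaintext bytes it was aimed at.
    plain = decrypt(key, tamper(encrypt(key, msg, False), offset, delta), False)

    # Compressed: the same XOR hits the deflate stream, so decoding fails.
    try:
        decrypt(key, tamper(encrypt(key, msg, True), offset, delta), True)
        compressed = "accepted"
    except zlib.error:
        compressed = "rejected"
    return plain, compressed

if __name__ == "__main__":
    print(demo())
```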