* Jon Callas:
In specific cases, *flaws* in this conversion when combined with an
interactive protocol can lead to an attack that is in general, not
applicable to a non-interactive protocol with large amounts of
compressed data.
It doesn't have to be interactive (in the sense of chosen-something
attacks). For example, lossy voice compression tends to produce
length differences for different phonemes. And the Wikimedia example
wasn't something interactive, either.
But in general, this benefits the defender, as the attacker has no
idea what the *actual* plaintext is (the compressed data) unless
they know the base plaintext is, and small inaccuracies in the
attackers guess lead to large differences.
But this doesn't matter if the encryption is sound, does it?
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp