On Wed, Mar 19, 2014 at 02:16:16PM -0700, Gregory Maxwell wrote:
On Wed, Mar 19, 2014 at 1:47 PM, Jon Callas <jon(_at_)callas(_dot_)org> wrote:
What's being leaked by compression? Really, I don't get it.
Some people like a demonstration.
Consider that I'm going to cast one of two ballots in a secret ballot
election. The ballots are just permutations of eachother so they are
the same size.
https://people.xiph.org/~greg/ballot.1
https://people.xiph.org/~greg/ballot.2
I encrypt my secret ballot to the election officials with the public
key at https://people.xiph.org/~greg/openpgp_testpubkey.asc
using the command:
gpg -ear 9C28FC94 --compress-algo ZIP --compress-level 9 ballot.X
(just being explicit for consistency sake, using GPG 1.4.16 in Fedora
19)
And I get the encrypted result of
https://people.xiph.org/~greg/ballot.secret.asc
Which ballot did I cast? Anyone?
After realizing that I needed to account for the size of the "Version:"
string I got the exact same size as your secret for ballot.1, so I'm
guessing that was your vote.
Am I right?
--
'peter'[:-1]@petertodd.org
0000000000000000c7cb0567f1dddff05db43f9d2c32acdb26e89e69eb80c492
signature.asc
Description: Digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp