On Thu, May 22, 2014 at 04:41:37PM -0700, Jon Callas wrote:
Most things that are intuitively better but unmeasurable turn out to
be far less good than your intuition says. Depressingly often, someone
comes up with a clever attack that reduces the intuitive thing to being
Yep. One aspect was already mentioned "NUL" characters. The obvious counter
measurement was also mentionen "base64". But this reduces the possible input
variation. It might be possible to mount an attack on it.
The general rule is: If you fear, that the default algorithm is not safe,
change it! You can't incease security by chaining algorithms.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp