ietf-openpgp
[openpgp] content-length hiding [was: Re: Proposed WG charter]

2015-06-11 13:28:16
On Thu 2015-06-11 13:11:38 -0400, vedaal(_at_)nym(_dot_)hush(_dot_)com wrote:
> There are also some other issues which might be useful to bring to the
> user's attention.

I think the issue you're raising here can be summarized as
"content-length hiding for encrypted messages"

It seems to me that this would fit in 4880bis, at the very least in the
security considerations section.

The way people usually try to defend against this sort of attack is to
pad the content up to some common boundary size (this doesn't help if
your two messages straddle a boundary, of course).  Your example of "hit
the spacebar" is a very domain-specific instance of this suggestion,
though it assumes that the recipient will interpret "pardon " the same
as "pardon", which may or may not be true depending on the make and
model of the lethal machinery interpreting the governor's directive.

The literature on the efficacy of padding algorithms suggests that
statistical modeling attacks (on datasets more complex than your
pardon/execute example) can defeat simple padding schemes a
non-negligible percent of the time, for example:

   http://arxiv.org/abs/1403.0297

That said, entirely non-padded mechanisms fail even more often :)

An interesting approach would be to look at the existing standard and
common implementations to see whether there is a way to provide a more
generic padding mechanism using only existing packet types.  Have you
tried to do that?

           --dkg

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
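
The boundary-padding defence discussed in the message above, as an added example that is not part of the original post: it groups candidate plaintexts by the length an observer would see and shows the case where two messages straddle a boundary. The function names are hypothetical, and the model assumes the observable ciphertext length is the padded plaintext length plus a constant.

```python
# Added example (not from the original post). Model assumption: the observer
# sees plaintext length plus a constant, so only the padded length matters.
from collections import defaultdict


def padded_len(n: int, block: int) -> int:
    """Length of an n-byte message after padding up to a multiple of block."""
    if block < 1:
        raise ValueError("block must be >= 1")
    return max(1, -(-n // block)) * block  # ceiling division, at least one block


def observer_classes(candidates, block):
    """Group candidate plaintexts by the length an observer would see."""
    classes = defaultdict(list)
    for msg in candidates:
        classes[padded_len(len(msg), block)].append(msg)
    return dict(classes)


def hides_all(candidates, block):
    """True if every candidate pads to the same observable length."""
    return len(observer_classes(candidates, block)) == 1


def smallest_hiding_block(candidates, max_block=4096):
    """Smallest block size that makes all candidates equal in padded length."""
    for block in range(1, max_block + 1):
        if hides_all(candidates, block):
            return block
    return None


if __name__ == "__main__":
    directive = [b"pardon", b"execute"]  # the thread's two messages
    for block in (1, 6, 8):
        print(block, observer_classes(directive, block))
    # block=6 puts the pair on either side of a boundary: 6 vs 12 bytes.
    print("smallest hiding block:", smallest_hiding_block(directive))
    # The "hit the spacebar" variant equalises lengths with no padding layer.
    print(hides_all([b"pardon ", b"execute"], 1))
```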