Register article on using non-randomness of encrypted file content to reduce time needed to decrypt by brute force
mozolevsky at gmail.com
Fri Aug 16 22:52:51 BST 2013
On 16 August 2013 15:20, Ian Mason wrote:
> On 15 Aug 2013, at 16:00, Igor Mozolevsky wrote:
>> On 15 August 2013 11:00, Brian Morrison wrote:
>>> Not seen this mentioned anywhere else yet:
>>> Any opinions from those with direct knowledge of such techniques?
>> Isn't the conventional wisdom to compress before encrypting to prevent
>> thing like that?
> "Conventional wisdom" - yes, actual wisdom, no. The compression layer in
> SSL has been used to attack it (http://breachattack.com/).
If I understand the paper correctly, the relies on knowing a part of the
plaintext prior to the compression (and at 4.2 the authors say *if* one can
inject known payload into plaintext then the attack would potentially
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ukcrypto