RE: http+aes

> From: Poul-Henning Kamp [mailto:phk@phk.freebsd.dk]
> Sent: Wednesday, 07 March, 2012 11:33
> 
> In message <0AB4526732901E45B9B3A55FFD725D67019CBB16@AUS-
> EXCHANGE.microfocus.co
> m>, "Michael Wojcik" writes:
> 
> >> You cut and paste the link, and anybody who receives it can view
> >> the copyrighted object, and you have no idea who leaked it.
> >
> >Actually, I think it's potentially worse than that. Consider this
> case:
> >
> >- Publisher puts 100 copies of each resource on CDN, each encrypted
> with
> >a different key.
> 
> What you propose is what's called "Thatcherizing" a document: During
> the Thatchers government, they tweaked the spacing in a confidential
> memo so that each recipients copy were unique, in order to expose
> who leaked it to the press.

It's similar, yes, and also similar to various proposed "Birthday
Paradox" attacks against digital signatures using too-short digests
(where you vary whitespace until you produce an image collision), etc.
The real idea here, though, is that rather than giving every user a
unique key, you partition the keyspace for each resource, so an
accumulation of leaked keys gives increasing probabilistic
identification of the source of the leak.

> It is however, not an argument for the circus-crypto og http+aes

Of course not - I meant it as an argument *against* http+aes. That's why
I wrote "potentially worse" above.

-- 
Michael Wojcik
Technology Specialist, Micro Focus


This message has been scanned by MailController - portal1.mailcontroller.co.uk

Received on Wednesday, 7 March 2012 17:17:27 UTC