RE: Minutes of 990909-tele

>      * Fox: will XML content be too small sometimes (particularly if
>        signature is also over siginfo, pretty static information) in
>        order to permit a dictionary attack, do we need padding and salt?
>        Solo: jokes XML is never small. ACTION FOX: talk to
>        crypto-weenies.

The issue here is not size but entropy. XML's verbosity provides nothing
useful here.

The particular concern for a dictionary attack however is in the area
of confidentiality. If there is little entropy in the message then
I can build a dictionary - regardless of whether the message is a
binary digit or <XML><HEAD><TITLE>YES</TITLE></HEAD></XML>.

This is why sensible cryptographers employ session keys even when 
using symmetric keying for distribution.

The attack of particular concern here is a replay attack. I can record
your last signed message and replay it. This problem is not affected
by message size in the way that the dictionary attack is.

In general concerns of this nature are the responsibility of those
proposing the low level packaging formats. PKCS#1.1 is designed to
be very robust and is pretty much immune to attacks of this type 
which were considered in its design. 


Received on Thursday, 9 September 1999 15:28:34 UTC
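
The entropy-versus-size point above, as an added example that is not part of the original message: a digest exposed over a two-valued answer is recovered by hashing every candidate, however verbose the XML wrapper, while a random salt kept confidential with the content makes the lookup miss. SHA-256, the function names and the YES/NO candidate list are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed sample: the only answers the sender can plausibly give.
CANDIDATES = ["YES", "NO"]


def wrap(answer: str) -> bytes:
    """Verbose XML packaging: adds bytes, adds no entropy."""
    return f"<XML><HEAD><TITLE>{answer}</TITLE></HEAD></XML>".encode()


def digest_plain(answer: str) -> str:
    """Digest over the content alone, as it would sit next to a signature."""
    return hashlib.sha256(wrap(answer)).hexdigest()


def digest_salted(answer: str, salt: bytes) -> str:
    """Digest over content plus a random salt (assumed to stay confidential
    together with the content, so an observer never sees it)."""
    return hashlib.sha256(salt + wrap(answer)).hexdigest()


def dictionary_lookup(observed_digest: str):
    """What an observer can compute: hash each candidate and compare."""
    table = {digest_plain(c): c for c in CANDIDATES}
    return table.get(observed_digest)


def demo():
    """Return (answer recovered from plain digest, answer recovered from salted digest)."""
    secret_answer = "YES"
    salt = secrets.token_bytes(16)  # 128 bits of fresh entropy per message
    leaked = dictionary_lookup(digest_plain(secret_answer))
    hidden = dictionary_lookup(digest_salted(secret_answer, salt))
    return leaked, hidden


if __name__ == "__main__":
    leaked, hidden = demo()
    print("wrapper length:", len(wrap("YES")), "bytes")
    print("recovered from plain digest: ", leaked)
    print("recovered from salted digest:", hidden)
```

The salt does nothing against the replay case raised in the message: a recorded signed message, salted or not, verifies again unless the verifier also checks freshness.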