- From: <hal@finney.org>
- Date: Wed, 15 Nov 2000 12:56:13 -0800
- To: hal@finney.org, steve@myProof.com
- Cc: xml-encryption@w3.org
Yes, I think you're right, this kind of situation could be troublesome as well. Any time you've got somewhat guessable plaintext, leaking length information could be a problem. Hal Finney PGP Security > From: Steve Wiley <steve@myProof.com> > > Hal, > > Thanks for the information and explanations. They are very helpful. > > Could this be a problem as well? > Even if the plaintext is an entire element and the length would normally > considered long enough to not pose a security risk, if the XML schema is > know, then most of the plaintext content may be known. In the following > example the plaintext is (including white space) 169 characters long. But, > an attacker that knew or inferred the element structure would know what all > but 13 of the characters were. I am not a crypto person but I would guess > that this would pose the same risk as encrypting short length plaintext. > > <employee> > <first-name>Jane</first-name> > <last-name>Doe</last-name> > <emp-type>sal</emp-type> > <job-type>SE</job-type> > <job-level>3</job-level> > </employee> > > Thanks, > Steve Wiley - <steve@myproof.com>
Received on Wednesday, 15 November 2000 15:55:04 UTC