- From: Joseph Ashwood <jashwood@arcot.com>
- Date: Mon, 8 Jan 2001 15:47:22 -0800
- To: "Public XML Encryption List" <xml-encryption@w3.org>
----- Original Message -----
From: "Joseph M. Reagle Jr." <reagle@w3.org>
> >· Elimination of potentially dangerous attribute encryption
support
>
> The danger results from the likely value of the attribute, not the
attribute
> itself: repetitive and short. Elements could have similar problem. (Kind
of
> unfair to note this is the reason attributes are exlcluded, but then in
> section 8 say it's still an open issue that could be solved, where that
> solution could work for attributes too...?)
The problem lies in a slightly different direction. The problem is that the
encrypted values are the same for the same input, the cause is simple, the
encryption function is deterministic. For systems with some amount of
entropy this is not a severe issue, however as the entropy tends to 0 the
determinism of the function becomes an issue. The obvious solution to me is
to use non-deterministic cryptography. The two most prominent examples are
ElGamal and RSA-OAEP, but there are plenty of others. A simple way to add
the non-determinism to the system where it is needed is to instead of
encrypting just the data using the chainging mode, prepend a random value of
known length. This will add some amount of entropy to the system, which will
have the desired result, assuming a good chaining method. This is in all
honesty the same technique that is applied to password encryption, a salt.
Joe
Received on Monday, 8 January 2001 18:48:36 UTC