|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
On Tue, Sep 09, 2003 at 05:19:13PM -0400, Eugene Smiley wrote:
> David Shaw wrote:
> > In short the attack works like this: Alice sends an encrypted
> > message to Charlie. Baker intercepts it, but cannot read it.
> > Baker mangles the message in a special way and sends it to Charlie.
> > Charlie decrypts it (thinking it is from Baker) and discovers a
> > whole lot of gibberish. Charlie replies (quoting the gibberish) to
> > Baker, saying "what is this?".
> >
> > Baker can then use the gibberish to decrypt the original message
> > from Alice to Charlie.
>
> Does this compromise the users encryption key or just the session key
> for that message?
Session key only. Compromising the encryption key from the session
would be a known plaintext attack, which as you pointed out, is highly
resisted ;)
David
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|