[Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

Raphael Jacquot sxpert at sxpert.org
Wed Sep 11 00:49:45 EDT 2013

On Sep 10, 2013, at 6:43 PM, Nemo <nemo at self-evident.org> wrote:
> "GET / HTTP/1.1\r\n" is exactly 16 bytes, or one AES block. If the IV is
> sent in the clear -- which it is -- that is one plaintext-ciphertext
> pair right there for every HTTPS connection.
> In fact, _any_ aligned 16 bytes of plaintext in the conversation that
> are known, or that are in a guessable range, represent a
> plaintext/ciphertext pair if either of the following is true:
>    1) You sent the IV in the clear
>    2) You used CBC mode
> Of the modes I know (CBC, CTR, GCM, et al.), the only one that does not
> freely give up such plaintext/ciphertext pairs is OCB.

According to http://en.wikipedia.org/wiki/Padding_(cryptography), most protocols
only talk about padding at the end of the cleartext before encryption.
Now, how about adding some random data at the beginning of the cleartext, say, 2.5 times
the block size (that is, 40 bytes for the example above), before the
interesting text appears?

- Raphael
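As an added example (not part of the thread), here is Nemo's CBC observation worked through in Go with the standard library's AES: a passive observer who knows an aligned 16-byte block of plaintext also knows the block cipher's input P_i XOR C_{i-1} (with C_0 = IV) and its output C_i. The key, IV, and the prefix/known-text cases are constructed for illustration; the third case shows how a 40-byte random prefix interacts with a known request longer than one block.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const bs = aes.BlockSize
// pairsFromCBC applies C_i = E_K(P_i XOR C_{i-1}), C_0 = IV. Every C_{i-1} is on the wire, so each
// aligned block lying wholly inside the known text (starting at byte offset off) yields one pair.
func pairsFromCBC(iv, ct []byte, off int, known []byte) (ins, outs [][]byte) {
	chain := append(append([]byte{}, iv...), ct...) // C_0 .. C_n, all visible to a passive observer
	for i := (off + bs - 1) / bs; (i+1)*bs <= off+len(known); i++ {
		p := known[i*bs-off : (i+1)*bs-off] // P_i, fully known
		in := make([]byte, bs)
		for j := range in {
			in[j] = p[j] ^ chain[i*bs+j] // P_i XOR C_{i-1}: the block cipher's input
		}
		ins = append(ins, in)
		outs = append(outs, chain[(i+1)*bs:(i+2)*bs]) // C_i: the block cipher's output
	}
	return ins, outs
}

// demo CBC-encrypts a constructed message (prefix random bytes, then known text) under a constructed
// key, recovers pairs from wire data plus known text only, and checks each against the real key.
func demo(prefix int, known string) (int, bool) {
	key, iv := []byte("constructed-key!"), []byte("constructed-iv!!") // constructed; IV travels in clear
	msg := make([]byte, (prefix+len(known)+bs-1)/bs*bs)               // whole blocks; tail acts as padding
	rand.Read(msg)                                                     // random prefix and tail
	copy(msg[prefix:], known)
	blk, _ := aes.NewCipher(key)
	ct := make([]byte, len(msg))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, msg)
	ins, outs := pairsFromCBC(iv, ct, prefix, []byte(known))
	for k := range ins {
		if blk.Encrypt(ins[k], ins[k]); string(ins[k]) != string(outs[k]) { // in place; pair not reused
			return len(ins), false
		}
	}
	return len(ins), true
}

func main() {
	fmt.Println(demo(0, "GET / HTTP/1.1\r\n"))  // 1 true: the IV alone exposes one pair
	fmt.Println(demo(40, "GET / HTTP/1.1\r\n")) // 0 true: a 2.5-block prefix misaligns one known block
	fmt.Println(demo(40, "GET / HTTP/1.1\r\nHost: example.org\r\n")) // 1 true: longer known text realigns
}
```

The second case yields no pair only because the single known block is pushed off alignment; once the known text spans a full aligned block, as in the third case, the pair is back regardless of the random bytes before it.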
