[Cryptography] The paranoid approach to crypto-plumbing

John Kelsey crypto.jmk at gmail.com
Wed Sep 18 00:46:15 EDT 2013

Arggh!  Of course, this superencryption wouldn't help against the CBC padding attacks, because the attacker would learn plaintext without bothering with the other layers of encryption.  The only way to solve that is to preprocess the plaintext in some way that takes the attacker's power to induce a timing difference or error message away.  


More information about the cryptography mailing list