[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?
Natanael
natanael.l at gmail.com
Tue May 12 12:11:09 EDT 2015
Den 12 maj 2015 18:05 skrev "John Levine" <johnl at iecc.com>:
>
> >At the same time, the IETF is pushing the encrypt everything agenda, and
one of the big
> >arguments is browsing privacy. You get arguments to encrypt Wikipedia to
prevent censors
> >from discovering which pages a particular user is reading. Wikipedia is
public, but
> >reading pages on homosexuality or abortion could get youths in trouble
in many places. The
> >argument goes that encryption will thwart the censors. Except of course
that the encrypted
> >traffic still reveal page lengths, compressed or not...
>
> It would be quite a feat to figure out which Wikipedia page someone
> was reading just from the page length, compressed or otherwise.
> There's over 4,800,000 articles each of which can be rendered in many
> different ways (talk, history, diffs, etc.), they change all the time,
> and the size of a page depends on whether you're logged in and
> probably on other stuff. For example, I just retrieved a Wikipedia
> page on a topic related to a river in the United States. The
> uncompressed length of the page was 47,068 bytes. Free beer to the
> first person who figures out what page it was.
http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf
http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
These are just the first two sidechannel attacks I find by googling. There
are at least a dozen more like them. Attacks on both Google search
autocomplete to find the search query and on Google Maps to detect what
area the user is looking at.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150512/20f349cb/attachment.html>
More information about the cryptography
mailing list