----- Original Message -----
From: "Morlock Elloi" <[EMAIL PROTECTED]>
> Collision means same plaintext to the same ciphertext.
Actually all it means in this case is the same ciphertext, since the key is
the same it of course carries back to the plaintext, but that is irrelevant
at this point. The ciritical fact is that the ciphertexts are the same.
> The collision happens on
> the cypher block basis, not on disk block basis.
The only one that matters is the beginning of the disk block, since that is
what was being detected.
> This has nothing to do with practical security.
It has everything to do with practical security. This collision of headers
leaks information, that leak is what I highlighted.
> You imply more than *hundred thousand* of identical-header word *docs* on
the
> same disk and then that identifying several of these as potential word
docs is
> a serious leak.
What I said was that given a significant number of documents with identical
headers (I selected Word documents because business men generally have a lot
of them), it will be possible to detect a reasonable percentage of them
fairly easily. I never implied, much less stated that there would be 100,000
of these, I stated that there is somewhere on the order of 100,000
possibilities for collision (80,000 is close enough, even 50,000 can
sometimes be considered to be on the same order).
The ability to identify that document X and document Y are word documents
may in fact be a serious leak under some circumstances, including where the
data path has been tracked. To steal an example from the current news, if HP
and Compaq had trusted the cryptography, and their messages (but not the
contents) had been traced, and linked, there would have been a substantial
prior knowledge of the something big happening, this would have meant an
opportunity for someone to perform insider trading without any evidence of
it. This encryption mode poses a significant, real security threat in
realistic situations.
Joe
