----- Original Message -----
From: "Morlock Elloi" <[EMAIL PROTECTED]>

> Collision means same plaintext to the same ciphertext.

Actually all it means in this case is the same ciphertext; since the key is the same, it of course carries back to the plaintext, but that is irrelevant at this point. The critical fact is that the ciphertexts are the same.

> The collision happens on the cypher block basis, not on disk block basis.

The only one that matters is the beginning of the disk block, since that is what was being detected.

> This has nothing to do with practical security.

It has everything to do with practical security. This collision of headers leaks information; that leak is what I highlighted.

> You imply more than *hundred thousand* of identical-header word *docs* on the
> same disk and then that identifying several of these as potential word docs is
> a serious leak.

What I said was that given a significant number of documents with identical headers (I selected Word documents because businessmen generally have a lot of them), it will be possible to detect a reasonable percentage of them fairly easily. I never implied, much less stated, that there would be 100,000 of these; I stated that there is somewhere on the order of 100,000 possibilities for collision (80,000 is close enough, even 50,000 can sometimes be considered to be on the same order).

The ability to identify that document X and document Y are Word documents may in fact be a serious leak under some circumstances, including where the data path has been tracked. To steal an example from the current news, if HP and Compaq had trusted the cryptography, and their messages (but not the contents) had been traced and linked, there would have been substantial prior knowledge of something big happening; this would have meant an opportunity for someone to perform insider trading without any evidence of it.

This encryption mode poses a significant, real security threat in realistic situations.

Joe
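The leak Joe describes above, as an added illustration that is not part of the original message and not the product or mode the thread is discussing: a constructed disk image in which a handful of sectors begin with the same 16-byte header is enciphered once with a per-block deterministic mode (ECB, used here as the stand-in for "same plaintext block, same key, same ciphertext block") and once with a simplified XEX-style mode that mixes the sector number and block index into each block. The block cipher is a toy 4-round Feistel network over HMAC-SHA256, chosen only so the example runs with the standard library; the header bytes, sector numbers and keys are all constructed sample values. The defender-side check `first_block_collisions` counts sectors whose leading ciphertext block is shared with another sector, which is exactly the signal an observer of the raw encrypted disk would use.

```python
import hmac
import hashlib
from collections import Counter

BLOCK = 16    # cipher block size in bytes (AES-sized)
SECTOR = 512  # disk sector size in bytes (constructed layout)


def _prf(key: bytes, data: bytes, n: int) -> bytes:
    """Keyed PRF (HMAC-SHA256 truncated to n bytes); Feistel round function and tweak source."""
    return hmac.new(key, data, hashlib.sha256).digest()[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Toy 16-byte block cipher: 4-round balanced Feistel network (assumption: stand-in for AES)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    if decrypt:                      # run the rounds backwards on swapped halves
        left, right = right, left
    rounds = range(4)
    for r in (reversed(rounds) if decrypt else rounds):
        left, right = right, _xor(left, _prf(key, bytes([r]) + right, 8))
    if decrypt:
        left, right = right, left
    return left + right


def encrypt_sector_ecb(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """ECB: every 16-byte block is enciphered on its own and the sector number is ignored,
    so an identical plaintext block anywhere on the disk yields an identical ciphertext block."""
    return b"".join(_feistel(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def encrypt_sector_tweaked(key: bytes, tweak_key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    """Simplified XEX-style mode (assumption, not any real product's mode): a tweak derived from
    (sector number, block index) is XORed in before and after the block cipher, so the same
    header at two different disk positions enciphers to two different ciphertext blocks."""
    out = []
    for j, i in enumerate(range(0, len(plaintext), BLOCK)):
        tweak = _prf(tweak_key, sector_no.to_bytes(8, "big") + j.to_bytes(4, "big"), BLOCK)
        out.append(_xor(_feistel(key, _xor(plaintext[i:i + BLOCK], tweak)), tweak))
    return b"".join(out)


def first_block_collisions(ciphertext_sectors) -> int:
    """Defender's check on the raw encrypted disk: number of sectors whose leading
    ciphertext block is shared with at least one other sector (the header leak)."""
    counts = Counter(c[:BLOCK] for c in ciphertext_sectors)
    return sum(n for n in counts.values() if n > 1)


def build_disk(n_sectors: int, header_sectors, header: bytes):
    """Constructed disk image: sectors listed in header_sectors start with `header`
    (a stand-in for a file-format magic); everything else is per-sector filler."""
    disk = []
    for s in range(n_sectors):
        body = hashlib.sha256(b"filler" + s.to_bytes(4, "big")).digest() * (SECTOR // 32)
        if s in header_sectors:
            body = header + body[BLOCK:]
        disk.append(body)
    return disk


def demo():
    """Returns (collisions under ECB, collisions under the tweaked mode) for the sample disk."""
    key = hashlib.sha256(b"constructed demo key").digest()
    tweak_key = hashlib.sha256(b"constructed demo tweak key").digest()
    header = b"CONSTRUCTED-HDR!"            # constructed 16-byte header, same in every "document"
    header_sectors = {3, 17, 42, 99, 250}   # constructed positions of the document starts
    disk = build_disk(300, header_sectors, header)
    ecb = [encrypt_sector_ecb(key, s, p) for s, p in enumerate(disk)]
    xex = [encrypt_sector_tweaked(key, tweak_key, s, p) for s, p in enumerate(disk)]
    return first_block_collisions(ecb), first_block_collisions(xex)


if __name__ == "__main__":
    print("sectors with a shared leading ciphertext block (ECB, tweaked):", demo())
```

Under the deterministic mode all five header-bearing sectors share one leading ciphertext block, so an observer with only the encrypted image can pick them out as "documents of the same type" without recovering a byte of content; under the sector-tweaked mode the count is zero because the same header at different sector positions produces different ciphertext. Nothing about the check depends on the toy cipher, so the same `first_block_collisions` count is a reasonable audit to run against any disk-encryption output to confirm that the mode in use binds ciphertext to position.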