On Saturday 20 May 2006 22:47, Robin H. Johnson wrote:
> The basic form of it, is a vulnerability towards a class of attacks that
> require a large supply of signed/encrypted material.
> For a primer on various modes of using block ciphers, see
> Wikipedia: http://tinyurl.com/bbcmf
>
> It's conceivable that (and this is the absolute worst case), under this
> class of attack, a lot of signing may ultimately reveal bits of your
> key, because the attacker has both the plaintext and ciphertext, and can
> ultimately compute it - this can either be brute-force, or
> mathematically (consider it solving algebra).

Once one developer has been compromised, there is even a chosen plaintext attack path. Making it even worse.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: [EMAIL PROTECTED]
Homepage: http://www.devrieze.net