On Friday, March 1, 2002, at 08:02, Bill Janssen wrote:

> The current setup XORs the owner-id with the beginning of each
> zlib-compressed segment.  This makes it (cryptographically) fairly
> easy to get the owner-id out of the document.  A better scheme would
> be to construct a sequence of hash bits from the owner-id and use them
> to XOR the segments.  This could have a more predictable length, 
> as well.

Hang on, you're using the same "key" to XOR each segment? This 
isn't particularly secure either... although you can't recover the 
owner-id from the key, you can still "factor the key out" and 
decode the document because you've got two or more segments encoded 
with the same key.

Digging through the archives, I see we've been through this before. 
I guess it is all well and fine if you call it "basic security", 
but I wouldn't want to be billing this as enough to protect a $50 
e-book or so. (For that you'd require stronger crypto.)

  -Terence
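
The key reuse described in the reply above, as an added example that is not part of the original message or the project's code. It assumes the key is the SHA-1 of the owner-id, XORed over the first 20 bytes of each zlib-compressed segment; the function names, `KEY_LEN` and the sample segments are constructed for illustration. XORing two protected segments cancels the key, so the result is identical for every owner-id and equals the XOR of the unprotected data.

```python
import hashlib
import zlib

KEY_LEN = 20  # assumption: only the first 20 bytes of each segment are XORed

# Constructed sample segments standing in for two records of one document.
SEG_A = b"Chapter one. It was a bright cold day in April and the clocks struck."
SEG_B = b"Chapter two. The hallway smelt of boiled cabbage and old rag mats."


def keystream(owner_id: bytes) -> bytes:
    """Assumed 'hash bits from the owner-id' construction: one SHA-1 digest."""
    return hashlib.sha1(owner_id).digest()[:KEY_LEN]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def protect(segment: bytes, owner_id: bytes) -> bytes:
    """Compress a segment, then XOR its beginning with the per-owner key."""
    comp = zlib.compress(segment)
    key = keystream(owner_id)
    n = min(len(comp), len(key))
    return xor_bytes(comp[:n], key) + comp[n:]


def unprotect(blob: bytes, owner_id: bytes) -> bytes:
    """Inverse of protect() for a holder of the owner-id."""
    key = keystream(owner_id)
    n = min(len(blob), len(key))
    return zlib.decompress(xor_bytes(blob[:n], key) + blob[n:])


def prefix_relation(blob_a: bytes, blob_b: bytes) -> bytes:
    """XOR of two protected prefixes: (P_a ^ K) ^ (P_b ^ K) == P_a ^ P_b."""
    return xor_bytes(blob_a[:KEY_LEN], blob_b[:KEY_LEN])


def key_cancels(owner_1: bytes, owner_2: bytes) -> bool:
    """True when the relation between segments does not depend on the key."""
    rel_1 = prefix_relation(protect(SEG_A, owner_1), protect(SEG_B, owner_1))
    rel_2 = prefix_relation(protect(SEG_A, owner_2), protect(SEG_B, owner_2))
    plain = prefix_relation(zlib.compress(SEG_A), zlib.compress(SEG_B))
    return rel_1 == rel_2 == plain


if __name__ == "__main__":
    print("key cancels across segments:", key_cancels(b"alice", b"bob"))
```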

