On Mon, 10 May 2004, Adam Back wrote:
> OK that sounds like it should work. Another approach that occurs is
> you could just take the plaintext, and encrypt it for the other
> attributes (which you don't have)? It's usually not too challenging
> to make stuff deterministic and retain security.
On Mon, May 10, 2004 at 08:02:12PM +, Jason Holt wrote:
> Adam Back wrote:
> > [...] However the server could mark the encrypted values by encoding
> > different challenge response values in each of them, right?
>
> Yep, that'd be a problem in that case. In the most recent (unpublished)
> p