"Arnold G. Reinhold" wrote:
> At 2:18 PM -0800 2/19/03, Ed Gerck wrote:
> >The previous considerations hinted at but did not consider that a
> >plaintext/ciphertext pair is not only a random bit pair.
> >
> >Also, if you consider plaintext to be random bits you're considering a very
> >special -
I'm struck by the similarity of this attack to Matt Blaze's master key
paper. In each case, you're guessing at one position at a time, and
using the response of the security system as an oracle. What's crucial
in both cases is the one-at-a-time aspect -- that's what makes the
attack linear in
At 2:18 PM -0800 2/19/03, Ed Gerck wrote:
Anton Stiglic wrote:
> The statement was for a plaintext/ciphertext pair, not for a random-bit/
> random-bit pair. Thus, if we model it terms of a bijection on random-bit
> pairs, we confuse the different statistics for plaintext, ciphertext, keys
an