On Fri, 2005-08-26 at 12:53 -0400, Griggs, Donald wrote:
> Regarding Mrs. Brisby's ending comment:
>"A better defense: use a different key each time. Encrypt the session key
> separately."
>
> I may way off in asking this, but:
> Since we're talking about the encyption of data at rest, and a
On Fri, 2005-08-26 at 16:21 +0200, F.W.A. van Leeuwen wrote:
> >
> > The usual defense against this attack is to mix some random information
> > into the beginning of the plaintext.
> >
> > A better defense: use a different key each time. Encrypt the session key
> > separately.
> >
>
> And /or
Regarding Mrs. Brisby's ending comment:
"A better defense: use a different key each time. Encrypt the session key
separately."
I may way off in asking this, but:
Since we're talking about the encyption of data at rest, and aren't in a
client-server situation, how could sqlite make session key
>
> The usual defense against this attack is to mix some random information
> into the beginning of the plaintext.
>
> A better defense: use a different key each time. Encrypt the session key
> separately.
>
And /or start encrypting after the fixed header.
Best regards,
Frank.
On Wed, 2005-08-24 at 22:55 -0400, D. Richard Hipp wrote:
> Weaknesses in RC4 have been found where
> the first few numbers coming out of the PRNG leak information about the
> key. If an attacker can guess the first few bytes of plaintext, and
> hence guess the first few numbers from the PRNG, a
On Wed, 2005-08-24 at 22:32 -0400, Mrs. Brisby wrote:
> > There are several attacks that can be used to derive the original key
> > state, but they all require huge samples of data to analyze.
>
> No they don't. That's the problem. They only need a large number of
> _uses_ of the key, not large a
On Mon, 2005-08-22 at 16:39 -0500, Dennis Jenkins wrote:
> RC4 is basically an XOR against a huge one-time pad.
No it's not. The only thing like a one-time pad is a one-time pad.
What makes an OTP secure isn't the protocol, but where the bits come
from.
If they come from ANYWHERE but a truly ran
On Mon, 2005-08-22 at 17:19 -0400, Mike Shaver wrote:
> On 8/22/05, Edwin Knoppert <[EMAIL PROTECTED]> wrote:
> > Hmm, but every known file format has an header.
> > Sqlite has a string, not really a header as it seems.
> > Maybe for v4 to implement a real header (if not yet)
> > A header doesn't n
Mike Shaver wrote:
On 8/22/05, Edwin Knoppert <[EMAIL PROTECTED]> wrote:
Hmm, but every known file format has an header.
Sqlite has a string, not really a header as it seems.
Maybe for v4 to implement a real header (if not yet)
A header doesn't need to be encrypted.
(A bit for testing if it'
9 matches
Mail list logo