On Friday, July 12, 2013 16:56:47 Zooko O'Whielacronx wrote: > No, no, we rely on the correctness of our encryption to hide all > information about the plaintext from an attacker who doesn't know the > encryption key. Therefore, the pad bytes are all just zero bytes, and > we believe that this pattern gives nothing useful to the cryptanalyst.
Encrypting padding consisting of all zero bytes creates a known-plaintext attack. The padding should be the output of a CSPRNG whose seed is determined by the contents of the file. Pierre -- Jews use a lunisolar calendar; Muslims use a solely lunar calendar. _______________________________________________ tahoe-dev mailing list tahoe-dev@tahoe-lafs.org https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
