On 09/08/2013 14:50, Christopher Schultz wrote: > It's too bad it took a researcher a year to figure out that > compression of any kind makes encryption (where the attacker can force > random probing attacks) weak. It's not like SSL+compression and > SSL-compression+compression is that different.
It didn't. The original CRIME presentation covered this topic. I fail to understand why such a fuss is being made of this re-hashing. The original CRIME presentation also (correctly) pointed out that any attack based on this is entirely theoretical and not currently at all practical. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
