• To: xml-dev@l...
• Subject: Re: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!
• From: "Simon St.Laurent" <simonstl@s...>
• Date: 30 May 2002 19:06:51 -0400
• In-reply-to: <EDOIJIGA51TRTS8761HFHBVSJFCNMG.3cf6abb5@MChamp>
• References: <EDOIJIGA51TRTS8761HFHBVSJFCNMG.3cf6abb5@MChamp>

On Thu, 2002-05-30 at 18:46, Mike Champion wrote:
> I don't know much about encryption, but from reading about
> cryptanalysis in WWWII it would appear that having a "crib"
> (a bit of known plaintext) is a useful shortcut to breaking a cipher.
> The tags in an XML message are likely to be known (or easily
> guessable) by an attacker.  So, a straightforward encryption of
> an entire XML message might be considerably less secure than
> an encryption of a non-self-describing message.  

I wonder if you could turn that to your advantage by encrypting
[element] content using different mechanisms on a per-element basis, and
leaving the structure in plaintext.  That would leave attackers with a
skeleton but only small bits of content to analyze.

Dunno.  It likely depends on the algorithm used as well as the level of
repetition in the content, and attributes are a problem as usual.

-- 
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com

• Follow-Ups:
  • Re: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
    • From: "Alaric B. Snell" <alaric@a...>

• References:
  • Re: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!
    • From: Mike Champion <mc@x...>

• Prev by Date: Re: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!
• Next by Date: Re: Question regarding PSVI..
• Previous by thread: Re: RE: The sky is falling! XML's dirty secret! Go back!It's a trap!
• Next by thread: Re: RE: The sky is falling! XML's dirty secret! Go back! It's a trap!
• Index(es):
  • Date
  • Thread