Cart
[Home] [By Thread] [By Date] [Recent Entries]
On Friday 31 May 2002 00:06, you wrote: > I wonder if you could turn that to your advantage by encrypting > [element] content using different mechanisms on a per-element basis, and > leaving the structure in plaintext. That would leave attackers with a > skeleton but only small bits of content to analyze. Heh. How much information is in the structure? Quite a lot, and potentially useful to an attacker... imagine finding the following travelling between a dialup account traceable to you and a porn site: <purchase> <deliver-to>XXXXXXXXXXXXXXXXXXX</deliver-to> <items> <item code="XXXXX" qty="XXXXX" /> <item code="XXXXX" qty="XXXXX" /> <item code="XXXXX" qty="XXXXX" /> <item code="XXXXX" qty="XXXXX" /> </items> </purchase> Just encrypt the lot, with a couple of safeguards against cribbing as I suggested - adding randomness helps :-) Pick 16 or more bytes of randomness and stick them at the beginning of the file, then store the gzipped XML after it, optinally XORing a copy of those 16 bytes into the start (and end?) of the gzipped stream to obfuscate any constants to be found in headers and footers... > Dunno. It likely depends on the algorithm used as well as the level of > repetition in the content, and attributes are a problem as usual. Yes. ABS
|
