Ok, did some digging re: my previous tweet. Turns out if an attacker can control part of the cleartext they can guess other parts.
-
-
Replying to @charliesome
@charliesome yup, they can guess a byte-at-a-time and the ciphertext will be shorter when they guess correctly2 replies 0 retweets 0 likes
Replying to @charliesome
@charliesome confirm, anything that appears in the response body (but not headers)
3:32 PM - 4 Aug 2013
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.