@rygorous That is not sufficient because it is true of the header as well - so there's no advantage. It has to be _amount_ of plaintext...
-
-
Replying to @cmuratori
@cmuratori@rygorous Ie., the header has (at least) "TRUE" encrypted w/ the s+pwd. So it's about the _amount_ of known plaintext...3 replies 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori As I said before, *several gigabytes* of known plaintext from a normal OS installation.1 reply 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori You mean worse? :) It's leverage. The less data you encode with a key, the harder it is to get a successful distinguisher.1 reply 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori@rygorous makes sense to me. Weak key encrypts random data into random-looking data. Can’t tell if decrypt attack was successful.1 reply 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori@nairou And a CRC-32. All of which match for not just the correct key, but also 2^192 incorrect ones.1 reply 0 retweets 0 likes
@cmuratori @rygorous @nairou That's the best argument I've heard so far (cryptographically).
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.