@rygorous Better for the attacker :) There should be a proof somewhere that shows weakness prop. to length of available ciphertext.
-
-
Replying to @cmuratori
@cmuratori@rygorous makes sense to me. Weak key encrypts random data into random-looking data. Can’t tell if decrypt attack was successful.1 reply 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori@nairou And a CRC-32. All of which match for not just the correct key, but also 2^192 incorrect ones.1 reply 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori@rygorous@nairou Alright no, I take it back. The header has stuff like mandatory runs of 120 zeros. So you definitely know.1 reply 0 retweets 0 likes -
-
Replying to @cmuratori
@cmuratori@rygorous@nairou But it's tricky because you also need the user to know that they entered their password correctly, right...3 replies 0 retweets 0 likes -
Replying to @cmuratori
@cmuratori@nairou Not really, no. The probability of them entering a wrong password that gives right magic bytes is negligible.1 reply 0 retweets 0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.