Re: [PATCH] Delete cryptoloop

[Fruhwirth Clemens]

On Mon, 2004-07-26 at 12:54, Jari Ruusu wrote:
> Fruhwirth Clemens wrote:
> > On Sun, 2004-07-25 at 19:25, Jari Ruusu wrote:
> > > In short: exploit encodes watermark patterns as sequences of identical
> > > ciphertexts.
> > 
> > Probably I'm missing the point, but at the moment this looks like a
> > chosen plain text attack. As you know for sure, this is trivial. For
> > instance, AES asserts to be secure against this kind of attack. (See the
> > author's definition of K-secure..).
> 
> > I'm suggesting it doesn't work at all.
> 
> Fruhwirth, your incompetence has always amazed me. And this time is no
> exception. What is conserning is that some mainline folks seem to listening
> to your ill opinions. No wonder that both mainline device crypto
> implementations are such a joke.

Please don't resort to personal defamations. 

To summarize for an innocent bystander:

- The attacks you brought forward are in the best case a starting point
for known plain text attacks. Even DES is secure against this attack,
since an attacker would need 2^47 chosen plain texts to break the cipher
via differential cryptanalysis. (Table 12.14 Applied Cryptography,
Schneier). First, the watermark attack can only distinguish 32
watermarks. Second, you'd need a ~2.000.000 GB to store 2^47 chosen
plain texts. Third, I'm talking about DES (designed 1977!), no chance
against AES.

- The weaknesses brought forward by me are summarized  at
http://clemens.endorphin.org/OnTheProblemsOfCryptoloop . Thanks goes to
Pascal Brisset, who pointed out that cryptoloop is actually more secure
than I assumed.

If you, Jari, have any arguments left, it's time to state them now.
Otherwise, have a nice day,
-- 
Fruhwirth Clemens <clemens@xxxxxxxxxxxxx>  http://clemens.endorphin.org

Attachment: signature.asc
Description: This is a digitally signed message part