Re: [Exim] OT: TLS encryption strength

Top Page
Delete this message
Reply to this message
Author: Matthew Byng-Maddick
Date:  
To: exim-users
Subject: Re: [Exim] OT: TLS encryption strength
On Mon, Mar 10, 2003 at 03:16:41PM +0100, Nico Erfurth wrote:
> I'm not an crypto-expert, but I think the general problem with ESTMP-TLS
> is that some of the text is known.


So? Any non-naive use of a well-designed cipher makes a known-plaintext
attack as easy as breaking the cipher.

> So one can MAYBE run a known-plaintext attack against the encryption,
> but like I said, I'm not an expert in this field :)


As long as you don't use RC4 naively, no. If you do, then all bets are off
and it's your own fault, SSL is reasonably good in this regard, I believe.

Basically, it amounts to trying to predict the rest of the pad from the
bits you know. It doesn't help you at all.

MBM (tried to keep this off-list)

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/