On Mon, Mar 10, 2003 at 03:16:41PM +0100, Nico Erfurth wrote:
> I'm not an crypto-expert, but I think the general problem with ESTMP-TLS
> is that some of the text is known.
So? Any non-naive use of a well-designed cipher makes a known-plaintext
attack as easy as breaking the cipher.
> So one can MAYBE run a known-plaintext attack against the encryption,
> but like I said, I'm not an expert in this field :)
As long as you don't use RC4 naively, no. If you do, then all bets are off
and it's your own fault, SSL is reasonably good in this regard, I believe.
Basically, it amounts to trying to predict the rest of the pad from the
bits you know. It doesn't help you at all.
MBM (tried to keep this off-list)
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/