[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Decision: Encryption Method/Product

To: drummond@xxxxxxxxxx (Rik Drummond)
Subject: Re: Decision: Encryption Method/Product
From: Robert Moskowitz <rgm3@xxxxxxxxxxxx>
Date: Thu, 23 May 1996 08:52:45 -0400
Cc: ietf-ediint@xxxxxxx
Sender: owner-ietf-ediint@xxxxxxx

At 07:36 AM 5/23/96 -0500, Rik Drummond wrote:
>See comments below...Rik
>
>Robert Moskowitz, wrote:
>>
>.....Parts deleted ....................
>>
>>But the biggest concern I have of the strength of S/MIME is the presence of
>>any known text.  All of those imbedded MIME headers.  This is exactly the
>>attack that got Microsoft's WFW .pwl files!  (If you know that starting in
>>position 10 you will find the string 'application', the crypto analysis is
>>very easy).
>
>Under these conditions, we will find it hard to encrypt ANY EDI data at
>all, since the ISA (UNA) are well know structures with specific byte
>offsets. Moving ISA information into the MIME heading fields may only make
>this worse.

Ah, but you really have to know the offset in the data stream.  If it
varies, the known text attack becomes very useless.  Variable EDIM headers
of the P.35 variety will make this a fact.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212

Prev by Date: Re: Decision: Encryption Method/Product
Next by Date: Re: Message From KO/Office
Previous by thread: Re: Decision: Encryption Method/Product
Next by thread: Re: Decision: Encryption Method/Product
Index(es):
- Date
- Thread