Also... I know we've both read and understand the paper, so I think we just have a terminology discrepancy here. What is a bit confusing is using the words encrypted vs. decrypted and ciphertext vs. cleartext when we're talking about an attacker inserting contents into the message. What I was trying to say was like this...

1) Let's say the original sender encrypts a message. It then looks like this, where "C" represents some bits of encrypted ciphertext: CCCCC

2) Then, the attacker inserts some material of their own into the message, denoted here with "P" for plaintext since it has not been subjected to encryption. The message now looks like this: CCCPPCC

3) Next, the recipient "decrypts" the message. Since at its lowest level the encryption amounts to XOR'ing the message text against the secret key, it essentially results in the flipping of each class of text. "C" becomes "P" and "P" becomes "C": PPPCCPP

4) In the attack scenario, when the recipient sends the "gibberish" to the sender, they are sending the now "encrypted" part of the message above, denoted by "CC": PPP -->CC<-- PP

5) The attacker intercepts and XOR's the gibberish "CC" against their original insertion "PP" from #2 to deduce the key. Then they can decrypt the original "CCCCC" contents from #1.

I'm sure this is all subject to terminology debates, and I'm most likely not using the optimal words to describe the process, but my point was just that the recipient actually never themselves reveals to the attacker any of the decrypted contents of the original message that were sent by the original sender.

Ciao,
Carter

>> ----- Original Message -----
>> From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
>> Sent: Friday, March 2, 2012 8:50 AM
>> Subject: Re: small security glitches
>>
>> That said, the attack described does indeed rely on the victim
>> decrypting arbitrary text sent by the attacker and sending it back in
>> such a way that the attacker can read the cleartext.
>>
>> Quoting the paper:
>>
>> >> and the user is presented with the corresponding message P'. To the
>> >> user, P' appears to be garbled; the user therefore replies to the
>> >> adversary with, for example, "What were you trying to send me?", but
>> >> also quotes the "garbled" message P'. Thus, the user himself
>> >> unwittingly acts as a decryption oracle for the adversary.
>>
>> Do you see how the above suggests that the victim must transfer the
>> (apparently-garbled) cleartext to the attacker for the attack to proceed?
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
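The exchange the two messages above are arguing about, worked through end to end as an added example (this is editor-supplied code, not code from the thread, the paper, or GnuPG). It uses plain CFB mode, where each plaintext block is recovered as P_i = C_i XOR E(C_{i-1}), rather than OpenPGP's resynchronising CFB variant, and it substitutes a whole ciphertext block instead of inserting bytes so that the block alignment stays simple. The block cipher's encryption direction is replaced by a truncated HMAC-SHA256 (an assumption made here for a dependency-free, offline run; CFB never needs the decryption direction, so any keyed pseudorandom function works). The key, IV and message are constructed for the demo. Running it shows both points made above at once: the victim's quoted "gibberish" never contains the original plaintext of the tampered block, yet the attacker cannot finish without that quoted text.

```python
import hmac
import hashlib

BLOCK = 16  # block size in bytes


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher's encryption direction (assumption for this
    # example: any keyed pseudorandom function will do, because CFB mode never
    # calls the decryption direction). This is not AES or any OpenPGP cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CFB: C_i = P_i XOR E(C_{i-1}), with C_0 = IV."""
    assert len(plaintext) % BLOCK == 0, "example keeps whole blocks only"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], block_encrypt(key, prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Plain CFB: P_i = C_i XOR E(C_{i-1}); uses only the encryption direction."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(c, block_encrypt(key, prev)))
        prev = c
    return b"".join(out)


def attacker_substitute(ciphertext: bytes, index: int, chosen: bytes) -> bytes:
    """Adversary step: overwrite ciphertext block `index` with a block of the
    attacker's own choosing (the "PP" material in the thread)."""
    start = index * BLOCK
    return ciphertext[:start] + chosen + ciphertext[start + BLOCK:]


def attacker_recover(ciphertext: bytes, quoted_garbage: bytes, index: int,
                     chosen: bytes) -> bytes:
    """Adversary step: from the victim's quoted "gibberish" recover the
    original plaintext block `index`.

    The victim computed P'_i = chosen XOR E(C_{i-1}), so the keystream block
    E(C_{i-1}) equals P'_i XOR chosen; that same keystream block masked the
    original C_i, hence P_i = C_i XOR E(C_{i-1})."""
    start = index * BLOCK
    keystream_i = xor(quoted_garbage[start:start + BLOCK], chosen)
    return xor(ciphertext[start:start + BLOCK], keystream_i)


def run_exchange() -> dict:
    """Walk through the whole exchange on constructed data and return every
    intermediate value so the reader can compare them."""
    # Constructed demo key, IV and message; not real secrets or real mail.
    key = hashlib.sha256(b"constructed demo key").digest()
    iv = hashlib.sha256(b"constructed demo iv").digest()[:BLOCK]
    plaintext = b"Meet at the old bridge at 11pm. " * 2  # 64 bytes = 4 blocks

    # 1) Sender encrypts: C C C C
    ciphertext = cfb_encrypt(key, iv, plaintext)

    # 2) Attacker replaces block 1 with chosen bytes: C P C C
    target, chosen = 1, b"P" * BLOCK
    tampered = attacker_substitute(ciphertext, target, chosen)

    # 3) Victim decrypts the tampered message. Block 1 is chosen XOR keystream
    #    and block 2 is garbled because the chain now feeds E(chosen) instead of
    #    E(C_1); blocks 0 and 3 come out intact.
    quoted_garbage = cfb_decrypt(key, iv, tampered)

    # 4) Victim replies "what were you trying to send?" and quotes the garbage.
    # 5) Attacker recovers original block 1 from that quote; the victim never
    #    saw or sent that block in the clear.
    recovered = attacker_recover(ciphertext, quoted_garbage, target, chosen)

    return {
        "plaintext": plaintext,
        "ciphertext": ciphertext,
        "quoted_garbage": quoted_garbage,
        "recovered_block": recovered,
        "target": target,
    }


if __name__ == "__main__":
    r = run_exchange()
    t = r["target"] * BLOCK
    print("victim saw for block 1 :", r["quoted_garbage"][t:t + BLOCK])
    print("attacker recovered     :", r["recovered_block"])
    print("original block 1       :", r["plaintext"][t:t + BLOCK])
```

The attacker's recovery step depends only on the quoted garbled block and the attacker's own chosen block; nothing in it requires the victim to have seen the original plaintext of that block. Swapping in a real cipher means replacing `block_encrypt` with the encryption direction of a block cipher and, for OpenPGP, accounting for its resynchronisation step, which the paper discusses and this example does not model.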