Hi Kenny,

> On 16 May 2016, at 17:24, Paterson, Kenny <kenny.pater...@rhul.ac.uk> wrote:
>
> Good to get this cleared up. Yes, it's eminently practical to recover the
> two plaintexts from their XOR assuming you have a good language model
> (e.g. one can use a Markov model with a suitable memory length; this would
> work for HTTP records, natural language, etc). To code it all up is not
> trivial - I currently set it as a final year project for our undergrad
> students, for example. The paper by Mason et al from CCS 2006 gives a nice
> account of the whole business.

Yes, we (I?) mixed up two different attack vectors. I wasn't aware of the CCS 2006 paper, that was long before I got into TLS, to be honest. I'll certainly read up on it.

It's a really nice undergrad project, I'm always happy to hear that universities do teach practical attacks, let their students write PoC for them etc., unfortunately I've seen quite the opposite on a lot of occasions and lecturers teaching on out-dated crypto protocols and primitives or trying to explain simple designs with very "esoteric" slide-decks.

Anyhow: what has been said in the thread already on the attack does of course make sense to me, but it isn't what I was referring to w.r.t. our attack contribution. So I think I'm to blame for the confusion here.

I think both attacks are worth noting in the Errata as some implicitly already mentioned before. Does anyone disagree on that?

> OK, makes sense now.

Perfect :)

Thank you for the feedback,
Aaron

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls