httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steinar H. Gunderson" <>
Subject Re: breach attack
Date Sat, 10 Aug 2013 16:14:04 GMT
On Sat, Aug 10, 2013 at 06:11:09PM +0200, Dirk-Willem van Gulik wrote:
> I'd keep in mind that compression is simply an amplifier for this type of
> attack. It makes the approach more effective. But it is not essential; when
> you have in essence a largely known plaintext surrounding a short secret
> and an oracle. And the latter is not going to go away - current dominant
> site development models will make this worse; as do current operational
> models w.r.t. to picking such up early.

Wait, what's the oracle if there's no compression?

/* Steinar */

View raw message