Can someone please poke some holes in this idea?

Lenny Foner (foner@media.mit.edu)
Wed, 7 Oct 1998 02:43:32 -0400

• Next message: David R. Conrad: "Re: how to inline "ROR/ROL" asm instructions in C ?? (help wanted)"
• Previous message: Eric Young: "re: Jaws"
• In reply to: HyperReal-Anon: "re: Jaws"
• Next in thread: Bill Frantz: "Re: Can someone please poke some holes in this idea?"
• Reply: Bill Frantz: "Re: Can someone please poke some holes in this idea?"

    Date: Tue, 06 Oct 1998 22:59:08 -0700
    From: "Stephen P. Gibbons" <steve@aztech.net>

    I read this and responded with a Homer Simpson-like "Doh!"

Can we please stick to the -cryptographic- question I asked?

For one thing, you don't know my application, so you can't reasonably
evaluate whether leaving "deleted" but encrypted files around is or is
not considered part of my threat model. For another, it's perfectly
obvious that one should take pains to avoid both crashes and leftover
bits if it matters.

That's not the question I asked, however. I asked about the
cryptographic security of the particular mechanism I had in mind for
protecting the security of the session key while being able to quickly
tell whether the passphrase was correct. I'd rather that people
didn't get completely distracted on irrelevant side-issues.

Thanks.

• Next message: David R. Conrad: "Re: how to inline "ROR/ROL" asm instructions in C ?? (help wanted)"
• Previous message: Eric Young: "re: Jaws"
• In reply to: HyperReal-Anon: "re: Jaws"
• Next in thread: Bill Frantz: "Re: Can someone please poke some holes in this idea?"
• Reply: Bill Frantz: "Re: Can someone please poke some holes in this idea?"