[Standards] compression attacks

Winfried Tilanus winfried at tilanus.com
Mon Feb 17 13:40:30 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 17-02-14 14:29, Winfried Tilanus wrote:

Hi,

> Thijs, can you explain this a bit more? As far as I understand
> these attacks, they work when both a secret and data supplied by
> the attacker are in the same compression context.

Brain-fart, of course this can be done by sending messages to the
victim from an other JID.

So yes, this can be a problem.

Winfried
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTAhFNAAoJEHZ7UH0X6Ldc+dgP/R7st7bQCZ1/GsE8d+Ay5t00
NJww1gWnhGWZnepZN6baM3QvZ2QI3Hiw7hGoexscD52YLtY3aWZQT5X3W5/9NlD1
d81BY/3cr2uHCKwJ2bnvlqxeoTBHbFHUK4xtbAiqs1ftJEFzKP01mCizPNzUDdXm
x2s0mKBg3K8UDx7nuqPQdzFlVrMGvI7KteRx73ct+N1IIsGeyrjOBCerxmMaIpkl
GsbVpL6GghLDwxEVH7RqSi0glgfzH0B9AptkJ/tPfwQw29GNKYiUEJIvGG6utPF3
Rz4qJ3tsZYm3p3jdpTu6x8nQIQgsufZP+dI7vfSHJbbrrP6TmmL2Ruh+9thzjKgv
+AkZqr9rrxHXqFQMJ2nQKz8oB+6GZ/iam1ngXkgplxF2toWRWYSYwq/Ebo4lZ4P9
wS8APhpvcTcG9TlirCTBCF9ftvO1qZmn6X/677CdfxoFdTu6X1oJ1JEsCm+MqM42
CEByWiErQWnVYqAY1ZHnVufPsYG+znFCNby6XUW0isaE6Hx0g1ma21DP+VeF17Gy
P1GJsm52eSbY8crGVAaDG7cpdel4E/vl77fUhUrM2jsLETWyXNagXPW61qDLSsPx
R6pswGQ7I1BBaoxkjqm+//o/KTw/sA+A+dSxvJ2n3TTZN9qE6wYl6Rq8njJMfn1/
1lPO52kZhWBQN2HnLZu9
=T4up
-----END PGP SIGNATURE-----



More information about the Standards mailing list