[Interest] Interest Digest, Vol 97, Issue 4
Thiago Macieira
thiago.macieira at intel.com
Sun Oct 6 19:10:19 CEST 2019
On Saturday, 5 October 2019 14:38:17 PDT Roland Hughes wrote:
> With a fingerprint database you need ONE magic packet. For JSON, that is
> any packet in the stream because you are looking for
>
> " : "
>
> ":"
>
> " :"
>
> ": "
>
> as an encrypted fingerprint with many instances in the packet. If the
> encryption algorithm used consistently encrypts the same character
> string the exact same way within a packet a human just glancing at the
> sniff could see the repetition
You do realise that's not how modern encryption works, right? You do realise
that SSL/TLS rekeys periodically to avoid even a compromised key from going
further? That's what the "data limit for all ciphersuits" means: rekey after a
while.
You're apparently willfully ignoring the fact that the same cleartext will not
result in the same ciphertext when repeated in the transmission, even between
two rekey events.
> For xml you just need to find
>
> <?xml version=
>
> or the first 8 bytes of it (for the 64-bit block ciphers) and you are
> golden.
Which is why we don't use 64-bit block ciphers anymore. We are using 128- and
256-bit AES, which works very differently. You can't compute a fingerprint
database for those. And even if you could, you d still have birthday attacks:
two keys could result in the same ciphertext for the same input, but not for
the next input.
And don't forget the Initialisation Vector. Even if you could compute the
fingerprint database, you still need to multiply it by 2^128 to account for
all possible IVs.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel System Software Products
More information about the Interest
mailing list