Bitmaps stored inside encrypted backup files could be vulnerable to a
sophisticated 'comparison' attack, a German security researcher has
discovered.

http://www.techworld.com/security/ne...?newsid=105263

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Anonymous Remailer wrote:

> Bitmaps stored inside encrypted backup files could be vulnerable to a
> sophisticated 'comparison' attack, a German security researcher has
> discovered.
>
> http://www.techworld.com/security/ne...?newsid=105263

Interesting. This sort of "measurable changes" issue was (apparently
correctly) eluded to in this group months ago in discussions about
encrypted volumes being indistinguishable from random data, and the
efficacy of a certain hidden volume schemes.

I think it was Nemo who was the most adamant about nothing of this
nature being any threat at all, but I could be wrong about that part.
Might have been a Boschloo/Who misstep.

In any case... oops. As someone predicted, changes in unencrypted data
contained within an encrypted volume can in some cases effect changes
to the volume itself in specific, algorithmic dependent ways. And any
bit of information an attacker can glean about the nature of the data
inside the volume can be used to "amplify" what's observed.

The APAS Troll may have more on the ball than we think. *shrug*

-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkjpinsACgkQUZCI41IC43htYgCaA+yemRVQBH TrSWgBk+ZB/mzV
k0AAnixUacgoCWSh+WjnIYHDQ1uazbq8
=w6YC
-----END PGP SIGNATURE-----

Anonymous Remailer wrote:
>
>Bitmaps stored inside encrypted backup files could be vulnerable to a
>sophisticated 'comparison' attack, a German security researcher has
>discovered.
>
>http://www.techworld.com/security/ne...?newsid=105263

Snake oil meant to fool people into thinking TurboCrypt is more
secure than other products. The truth is that everybody uses
strong ciphers (usually AES nowdays) and strong ciphers are not
vulnerable to known-plaintext or chosen-plaintext attacks.

Bruce Schneier wrote about them in his Crypto-Gram Newsletter:

|"The Doghouse: Random Cryptography Companies
|
|"PMC Ciphers. The theory description is so filled with pseudo-
|cryptography that it's funny to read. Hypotheses are presented
|as conclusions. Current research is misstated or ignored.
|The first link is a technical paper with four references,
|three of them written before 1975. Who needs thirty years
|of cryptographic research when you have polymorphic cipher
|theory?"

Also see:
http://www.security-forums.com/viewtopic.php?p=69206
(the post by JustinT that starts with " If you are
indeed C.B. Roellgen..." is especially good.)


--
Guy Macon
<http://www.GuyMacon.com/>

On Mon, 6 Oct 2008 03:49:29 +0000 (UTC), Sparky wrote:

> Anonymous Remailer wrote:
>
>> Bitmaps stored inside encrypted backup files could be vulnerable to a
>> sophisticated 'comparison' attack, a German security researcher has
>> discovered.
>>
>> http://www.techworld.com/security/ne...?newsid=105263
>
> Interesting. This sort of "measurable changes" issue was (apparently
> correctly) eluded to in this group months ago in discussions about
> encrypted volumes being indistinguishable from random data, and the
> efficacy of a certain hidden volume schemes.
>
> I think it was Nemo who was the most adamant about nothing of this
> nature being any threat at all, but I could be wrong about that part.
> Might have been a Boschloo/Who misstep.

Idiot, I supported this position and you went on a three day rant on how
I was wrong.

Apologies?

Ever.

You know I bet your friends and family hate to see you coming. And I
know they run in the other direction every time you show saying here
comes that damn big mouth *clown* Sparky and he going to run his
*righteous big mouth* about something -- LETS GO!

I know they do it Sparky you ass wipe.

Have a crap day!
--
http://www.youtube.com/watch?v=fJVydzNJrno