by Patterson Programming (5 Submissions)
Category: Encryption
Compatability: VB 6.0
Difficulty: Unknown Difficulty
Originally Published: Fri 14th July 2000
Date Added: Mon 8th February 2021
Rating: 
(1 Votes)
StealthMail 2.1 - Notice to users of StealthMail.
API Declarations
Because of a sci.crypt post describing a specific weakness of the CBC mode of data encryption, I am announcing a warning to users of StealthMail 2.1. This weakness applies to any block cipher used in CBC mode. Even Blowfish. The attacker looks for ciphertext blocks that are the SAME for a given amount of data, encrypted with the SAME key. This can leak information for 16 characters (two blocks) of the plaintext data. The attack typically requires more than a gigabyte of ciphertext, and reveals 16 bytes of plaintext for 32 gigabytes of ciphertext. The plaintext revealed is random. The attack cannot typically target a specific block.
What can you do to prevent this type of attack? StealthMail 2.1 uses compression and also combines a SALT with the key. This does not prevent attack, however it helps discourage it. THE WAY TO PREVENT THE ATTACK is to dump your key-chest in StealthMail and re-issue different keys to your contacts. Do this if you transmit a large amount of data. However, it is smart do do it occasionally anyway. Some public-key systems (like PGP) have automatic key management, however you must trust the random number generator that makes the keys.
Source: http://lasecwww.epfl.ch/birthday.shtml
VBcoders
