[Wikimedia-l] Disinformation regarding perfect forward secrecy for HTTPS

Marc A. Pelletier marc at uberbox.org
Sat Aug 3 00:44:15 UTC 2013


On 08/02/2013 08:15 PM, James Salsman wrote:
> No, that is not true, and
> http://www.ieee-security.org/TC/SP2012/papers/4681a332.pdf
> explains why. Padding makes it difficult but not impossible to distinguish
> between two HTTPS destinations. 4,300,000 destinations is right out.

... have you actually /read/ that paper? Not only does it discuss how
naive countermeasures like you suggest aren't even able to protect
against identification at that coarse level, they are presuming much
*less* available data to make a determination than what is readily
available from visiting /one/ article (let alone what extra information
you can extract from one or two consecutive articles because of the
correlation provided by the links).

Traffic analysis is a hard attack to protect against, and just throwing
random guesses at what makes it harder is not useful (and yes, padding
is just a random guess that is /well known/ in the literature to not
help against TA despite its benefits in certain kinds of known plaintext
and feedback ciphers).

I recommend you read ''Secure Transaction Protocol Analysis: Models and
Applications'', by Chen et al (ISBN 9783540850731).  It's already a
little out of date and a bit superficial, but will give you a good basic
working knowledge of the problem set and some viable approaches to the
subject.

-- Marc
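
The argument above, that one article load exposes more than a single padded length, can be checked with a small anonymity-set measurement; this is an added example, not part of the original message or the cited paper. It pads each response up to a block size and counts how many pages still share the same ordered tuple of padded sizes. The corpus, the block sizes and all function names are constructed assumptions.

```python
from collections import Counter
import random


def pad(size, block):
    """Round a transfer size up to the next multiple of block (1 = no padding)."""
    return -(-size // block) * block


def fingerprint(sizes, block, n_resources):
    """What an on-path observer sees: padded sizes of the first n responses, in order."""
    return tuple(pad(s, block) for s in sizes[:n_resources])


def anonymity_sets(pages, block, n_resources):
    """Map each page to the number of pages sharing its padded fingerprint."""
    fps = {name: fingerprint(sizes, block, n_resources) for name, sizes in pages.items()}
    counts = Counter(fps.values())
    return {name: counts[fp] for name, fp in fps.items()}


def unique_fraction(pages, block, n_resources):
    """Fraction of pages whose fingerprint is shared with no other page."""
    sets = anonymity_sets(pages, block, n_resources)
    return sum(1 for n in sets.values() if n == 1) / len(sets)


def constructed_corpus(n_pages=2000, n_resources=4, seed=1):
    """Constructed sample data: random response sizes, not measurements of any site."""
    rng = random.Random(seed)
    return {f"page{i}": [rng.randint(2_000, 200_000) for _ in range(n_resources)]
            for i in range(n_pages)}


if __name__ == "__main__":
    corpus = constructed_corpus()
    for block in (1, 1024, 16384):
        for k in (1, 2, 4):
            print(f"block={block:>5} resources={k} "
                  f"unique={unique_fraction(corpus, block, k):.1%}")
```

A page is only hidden when its anonymity set stays large for every resource count an observer can see, so evaluate a padding scheme against the full page load rather than a single response.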



