Posted by: Anonymous
on February 02, 2008 02:13 PM
It leaks 20 "aggregate" bits per 8K plaintext? This is horribly, horribly, horribly bad. If it leaks only plaintext bits, it's not too evil, but the word "aggregate" seems to imply it's leaking from the Key or IV. This is unimaginably bad, especially PER 8K plaintext! If it is, in fact, leaking from anything _other_ than the plaintext, this is so bad that you're probably better off with the efficiency gains of just NOT-ing all the bits (i.e. rot128ing each byte)... in the worst case scenario of this, you've just reduced the complexity of breaking your system over 1,000,000 times. The fact that this is per 8K of plaintext means that the worst case scenario seems highly likely to be a gross underestimate. NOT-ing the bits will keep a random peruser away, and this system won't keep an attacker away. Note that 50 years divided by 1,000,000 is about 25 minutes, and note also that 20 bits leaked from the plaintext is nowhere near as drastic.