17 Dec
2003
17 Dec
'03
11:17 p.m.
"Jon Leonard" writes:
Perry's right: giving up any statistical information is too much.
A slightly contrived example of why tossing out duplicated bytes is bad:
Suppose that a military organization is using this almost one-time-pad system, and my spies tell my they've fallen into the habit of sending "attack" and "defend" as their only 6-byte messages. This isn't a problem with a real one-time pad (except for traffic analysis...), but this lets me determine the message 3.8% of the time!
This could actually be used for traffic analysis in many instances; you could succeed in extracting small amounts of information from the passing data. Any amount of leakage can in some instances be too much... .pm