Open aaannndddyyy opened 7 years ago
Hi, @aaannndddyyy. A few thoughts:
default_fuzz_source_length
is the number of bytes to read from the pad to use for constructing an integer which is then the actual fuzz length. The only change I could imagine making with default_fuzz_source_length
is bumping it from 2 to 4 -- i.e., from a 16 bit integer to a 32 bit integer. It's hard to imagine wanting more than 64k of fuzz, though! So really only the default_fuzz_source_modulo
matters here.So basically, yes, I think this is a good idea, if done right, but would like to finish the tweaks related to issue #17 first. Although it might not be clear from the discussion there, I'm considering taking @maqp's advice and just getting rid of one of the two fuzz sides, because (especially right now with a 0-512 limit on fuzz) there is no meaningful gain from disguising the position of the plaintext within the overall encrypted message: it's not solving a real problem, as long as the pad is really random OR the plaintext is not a known plaintext, and even if it were solving a problem, it's only making it at most 512 iterations harder to solve that problem, which is not very much for a computer.
If i see it correctly, by only reading 2 bytes for determining the fuzz size, 2^(2_8) numbers can be encoded. the modulo is for cutting it down if the number grows beyond a limit you set. 2^(2_8) bytes of fuzz is not much. if you take an asymptotic curve instead of fixed percentage, it effectively means the attacker can get pretty much the exact size if the file is very big, only tiny percentage of margin.
Re "it's only making it at most 512 iterations harder to solve that problem, which is not very much for a computer.", see my comment on issue #17
Would it make sense to optionally make self._default_fuzz_source_length and self._default_fuzz_source_modulo determined by the length of the plaintext ? Thus the fuzz could be always between 0 and a fixed percentage of the lengths, instead of always between 0 and 511, no matter how big the file gets. WOuld be codewise trivial, but would it be worth burning more pad ?