Is Compress-Then-Encrypt Safe Here?

sanketh

Oct 16, 2020, 7:24:02 PM
to age...@googlegroups.com
Hi,

The README for age
(https://github.com/FiloSottile/age/blob/21a7203f6a899379131f3ec9be026519eebcc555/README.md)
suggests compressing then encrypting the data. From cryptography, this
rings some bells because compress-then-encrypt is not traditionally
secure (one can, for example, distinguish between AAAA and ABCD) and the
spec doesn't seem to address this issue. I couldn't find any mentions of
this issue on the internet and I was wondering if there was an obvious
security argument I am missing.

Best,
Sanketh
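The length distinction raised above (AAAA versus ABCD), worked through as an added example; this is not code from the thread or from the age project. It models the encryption step as a chunked AEAD in the style of age's payload format (64 KiB plaintext chunks, a 16-byte tag per chunk; both figures are assumptions here, and the file header is ignored because it is independent of the payload). The sample inputs are constructed, and the padding bucket is an illustrative choice.

```python
import random
import zlib

# Assumed model of the encryption layer: plaintext is split into CHUNK-byte
# chunks and every chunk (including an empty final one) carries a TAG-byte
# authentication tag. Header bytes are omitted: they do not depend on the payload.
CHUNK = 64 * 1024
TAG = 16


def compress(data: bytes) -> bytes:
    """The 'compress' half of compress-then-encrypt."""
    return zlib.compress(data, 9)


def aead_len(plaintext_len: int) -> int:
    """Ciphertext length the chunked AEAD model produces for a plaintext."""
    chunks = max(1, -(-plaintext_len // CHUNK))  # ceil division, at least one chunk
    return plaintext_len + chunks * TAG


def observed_compressed_len(ciphertext_len: int) -> int:
    """What a passive observer learns: the AEAD only adds a fixed per-chunk
    overhead, so the exact compressed length is recoverable from the
    ciphertext length."""
    chunks = max(1, -(-ciphertext_len // (CHUNK + TAG)))
    return ciphertext_len - chunks * TAG


def compress_then_encrypt_len(data: bytes) -> int:
    return aead_len(len(compress(data)))


def pad_to_bucket(data: bytes, bucket: int) -> bytes:
    """Length-prefix the data and zero-pad to a multiple of `bucket` so the
    ciphertext length only reveals which bucket the compressed size fell in.
    The receiver strips the padding after decrypting and before inflating."""
    body = len(data).to_bytes(4, "big") + data
    return body + b"\0" * (-len(body) % bucket)


def compress_pad_then_encrypt_len(data: bytes, bucket: int = 16384) -> int:
    return aead_len(len(pad_to_bucket(compress(data), bucket)))


def sample_inputs(n: int = 4096):
    """Constructed sample: two plaintexts of identical length, one highly
    repetitive (the 'AAAA' case) and one incompressible (the 'ABCD' case)."""
    rng = random.Random(2020)
    repetitive = b"A" * n
    high_entropy = bytes(rng.getrandbits(8) for _ in range(n))
    return repetitive, high_entropy


if __name__ == "__main__":
    rep, rnd = sample_inputs()
    # Encrypt-only: equal plaintext lengths give equal ciphertext lengths.
    print("encrypt only     :", aead_len(len(rep)), aead_len(len(rnd)))
    # Compress-then-encrypt: the ciphertext length separates the two inputs.
    print("compress+encrypt :", compress_then_encrypt_len(rep), compress_then_encrypt_len(rnd))
    # Padding to a bucket before encrypting collapses the difference again.
    print("compress+pad+enc :", compress_pad_then_encrypt_len(rep), compress_pad_then_encrypt_len(rnd))
```

The second printed pair is the distinguisher: the observer computes `observed_compressed_len` from the ciphertext size and learns that one file compressed to a few dozen bytes while the other did not compress at all. Bucketed padding only bounds the leak (the bucket index still leaks), which is why it is a mitigation rather than a fix.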

Brian Williams

Oct 16, 2020, 8:00:15 PM
to sanketh, age...@googlegroups.com
That sort of attack is only really feasible if the attacker knows the length of the plaintext. Like, if you were encrypting a bunch of passwords and they were always the same length (in which case you wouldn’t be compressing anyway). If you’re encrypting a bunch of files like in the example, it’s very unlikely to have any security impact.
