That sort of attack is only really feasible if the attacker knows the length of the plaintext. Like, if you were encrypting a bunch of passwords and they were always the same length (in which case you wouldn’t be compressing anyway). If you’re encrypting a bunch of files like in the example, it’s very unlikely to have any security impact.
> On Oct 16, 2020, at 6:24 PM, sanketh <sgm...@gmail.com> wrote:
>
> Hi,
>
> The README for age (https://github.com/FiloSottile/age/blob/21a7203f6a899379131f3ec9be026519eebcc555/README.md) suggests compressing then encrypting the data. From cryptography, this rings some bells because compress-then-encrypt is not traditionally secure (one can, for example, distinguish between AAAA and ABCD) and the spec doesn't seem to address this issue. I couldn't find any mentions of this issue on the internet and I was wondering if there was an obvious security argument I am missing.
>
> Best,
> Sanketh
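
The length leak raised in the question, and the equal-length condition the reply attaches to it, shown as an added example that is not part of the thread or of age's code. It uses two constructed 1024-byte plaintexts (longer than the AAAA/ABCD case so that DEFLATE has something to work on), and AES-256-GCM from the Go standard library stands in for age's encryption as an assumption so the block runs offline.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// must panics on error, which is enough for a demonstration.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// compress deflates data at the standard library's default level.
func compress(data []byte) []byte {
	var buf bytes.Buffer
	w := must(flate.NewWriter(&buf, flate.DefaultCompression))
	must(w.Write(data))
	must(0, w.Close()) // Close flushes the final block
	return buf.Bytes()
}

// sealedLen encrypts under a fresh random key and returns the ciphertext length an observer sees.
func sealedLen(data []byte) int {
	key, nonce := make([]byte, 32), make([]byte, 12)
	must(rand.Read(key))
	must(rand.Read(nonce))
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return len(aead.Seal(nil, nonce, data, nil))
}

// samplePlaintexts returns two constructed 1024-byte messages: repetitive and random.
func samplePlaintexts() (repetitive, random []byte) {
	repetitive = bytes.Repeat([]byte("AAAA"), 256)
	random = make([]byte, 1024)
	must(rand.Read(random))
	return repetitive, random
}

func main() {
	rep, rnd := samplePlaintexts()
	fmt.Println("encrypt only:         ", sealedLen(rep), sealedLen(rnd))
	fmt.Println("compress then encrypt:", sealedLen(compress(rep)), sealedLen(compress(rnd)))
}
```

The two ciphertext lengths differ only in the compress-then-encrypt row, and that difference is informative only because both plaintexts are known to be 1024 bytes; for files of unknown, varying size the same observation does not separate "short and random" from "long and repetitive".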