Re: Compress before encrypting? (Was Re: NSA Helped Yeltsin...)

[Martin Janzen <janzen@idacom.hp.com>]

Jay Prime Positive writes:
>
>   From: Martin Janzen <janzen@idacom.hp.com>
>   Date: Fri, 27 May 94 14:43:02 MDT
>
>   Most compression programs add a characteristic signature to the beginning
>   of the compressed output file.  If a cryptanalyst guesses that you may
>   be compressing before encrypting, wouldn't this make his job easier?
>   To me, this sounds as though you're adding a known bit of "plaintext" to
>   the start of each message.
>
>  In short, you are right, compression algorithms often _do_ include a
>magic number at the begining.
>
>  However, compression algorithms intended for cryptographic
>applications don't have to include a magic number.  This is especialy
>true if the crypto system is never used without the compression
>algorithm. [...]

OK; so ideally this is something that would be built in to one's
encryption/decryption program.  I was thinking of UNIX compress,
gzip, and the like.

>  Finaly, the state of the art in cryptanalysis (as far as I know),
>sugests that modern crypto systems aren't as vulnerable to known
>plaintext as past systems.  The best attacks I know of (differential,
>and linear cryptanalysis) require masive (about 2^30 blocks for DES)
>amounts of known, or chosen, plaintext -- though miniscule relative to
>the key size (2^56 again for DES).

That's good to know!  Thanks for the explanation, Jay.


-- 
Martin Janzen           janzen@idacom.hp.com
Pegasus Systems Group   c/o Hewlett-Packard, IDACOM Telecom Operation