[sllug-members]: Encrypted backup tapes
Jason Holt
jason at lunkwill.org
Thu Jan 11 13:14:28 MST 2007
On Thu, 11 Jan 2007, Corey Edwards wrote:
> On Thu, 2007-01-11 at 12:24 -0700, M. Alton jensen wrote:
>> I'm not sure if this is distro specific, but the defaults for gnupg on
>> my desktop(SuSE) include compressing the item being encrypted. I ran a
>> simple test with a text file to confirm this and here are the results.
>>
>>> du -sk test.txt*
>> 328 test.txt
>> 40 test.txt.gpg
>> 40 test.txt.gz
>
> A lot of encryption schemes, and I believe PGP is one of them, implement
> a compression step before the encryption. The idea is to increase the
> entropy. Plain text really isn't that random, whereas compression by
Schneier (even acknowledges that) he did us a disservice by talking about data
compression as a way to strengthen a cipher in Applied Cryptography, since any
good cipher doesn't need compression to be strong. In fact, if you were using
a weak cipher, compression could work against you, since compression data
structures put certain bits in predictable places.
So, I consider it bad to tell people that you're compressing to strengthen the
cipher, since that gives people the impression that good ciphers still need
help. But compressing to strengthen the cipher even though you know it
shouldn't be necessary, or because you know that it won't do any good to
compress after encrypting, are okay. I am reminded of The Power Cycle Koan:
A novice was trying to fix a broken lisp machine by turning the
power off and on. Knight, seeing what the student was doing spoke sternly,
"You cannot fix a machine by just power-cycling it with no understanding of
what is going wrong." Knight turned the machine off and on. The machine
worked.
-J
More information about the sllug-members
mailing list