Safety questions

Adrian 'Dagurashibanipal' von Bidder
Tue Jul 2 15:29:02 2002

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2002-07-02 at 14:58, Michal Wencl wrote:
> Hi everybody.
> I have a few questions on how to use GPG or encryption in general:
> 1. Is it better to encrypt (by symmetric cipher) plain file or a=20
> compressed one? Does it even matter?

compressed one:
 - data size is smaller
 - many cryptoanalysis methods are based on the statistical distribution
of the characters in cleartext. compressed file have uniform
distribution (ideally: can't be distinguished from random data).

But for gpg, it doesn't really matter as gpg will compress the data
before encrypting it.

> 2. Is there a safety risk if an attacker knows the target file=20
> type (structure), e. g. if he or she knows that the encrypted=20
> file is a JPEG picture, HTML document, gzip archive, Windows=20
> executable, Unix binary etc.?

see above: in theory, yes. But I'm not a mathematician, so I can't
comment how relevant this is in practice. (same for your 3rd question)

-- vbi

secure email with gpg               

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.0.7 (GNU/Linux)