Safety questions (Michal Wencl)

Leigh S. Jones, KR6X kr6x@kr6x.com
Tue Jul 2 17:42:02 2002


1. Is it better to encrypt (by symmetric cipher) a plain file or a
compressed one? Does it even matter?

The level of security provided by gpg is so high that the
additional security provided by compression is a minor
issue.  But, yes, if someone were to attack your encryption
by "brute force", the compression provides an additional
impediment.  A brute force attack takes tremendous
computer resources and is more costly to accomplish than
your encrypted data is worth to the attacker.  Adding the
requirement of expanding a compressed file to this further
drains the computing resources of the attacker.

2. Is there a safety risk if an attacker knows the target file
type (structure), e.g. if he or she knows that the encrypted
file is a JPEG picture, HTML document, gzip archive, Windows
executable, Unix binary etc.?

This should not be considered a safety risk.  As in the case
of compressed data, many of these file formats are difficult
to recognize as the correctly unencrypted data.  For an attacker
it is more difficult to decrypt your data if he does not understand
the nature of the data.  If he looks for text, he will very likely be
searching for keys that turn the encrypted data into something
that contains a lot of spaces.  Spaces in text are an attacker's
friend.  They occur much more often in correctly deciphered
data than they do in garbage.  It's not necessary to look for
words, only spaces.  JPEG files, gzip archives, etc., have
fewer spaces, so an attacker looking for text could overlook
them.  If you are an attacker who has to look for JPEG files,
gzip archives, plus text, then your computer doing the search
has to do more computing than the attacker who only needs
to look for text.  This is trivial to program, but takes time
when the attack is really underway.

3. If an attacker gets a plaintext and a ciphertext can he or she
find the passphrase?

This question is very vague.  In general, encryption with gpg
is not performed using a cipher that uses a passphrase.  The
passphrase is instead used to protect your secret key from
an attacker who has been able to gain a copy of your keyring
or of your exported secret key.  Symmetric key encryption is
available with gpg using a password, but the password itself
is passed through a "hash" which turns the password into a
small pseudo-random number.  Having both a copy of the
encrypted data and the associated unencrypted data for this
kind of encryption does provide an attacker with additional
information that would make it easier for him to attack the
cipher than it would be without the unencrypted data.  Rather
than revealing the password to the attacker, this would make
it easier for the attacker to discover the small pseudo-random
number used for the encryption that was based on the
password.

It is probably safer to use public key encryption rather than
symmetric key encryption in applications where an attacker
can gain access to the unencrypted file associated with a
particular encrypted file.  But in either case there is some
loss of security when attackers have this kind of free access
to data on both sides of an encryption process.

----- Original Message -----
From: "Michal Wencl" <mwencl@centrum.sk>
To: <gnupg-users@gnupg.org>
Sent: Tuesday, July 02, 2002 05:58
Subject: Safety questions


Hi everybody.

I have a few questions on how to use GPG or encryption in general:

1. Is it better to encrypt (by symmetric cipher) a plain file or a
compressed one? Does it even matter?
2. Is there a safety risk if an attacker knows the target file
type (structure), e.g. if he or she knows that the encrypted
file is a JPEG picture, HTML document, gzip archive, Windows
executable, Unix binary etc.?
3. If an attacker gets a plaintext and a ciphertext can he or she
find the passphrase?

And the last one:
4. Is there a GNU replacement for PGPdisk?

Regards,
Michal Wencl

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users