Using other compression algos with GnuPG

David Shaw dshaw at jabberwocky.com
Sat Jan 21 17:34:49 CET 2006


On Sat, Jan 21, 2006 at 09:22:36AM -0700, Kurt Fitzner wrote:
> David Shaw wrote:
> 
> > In fact, BZIP2 was added pretty much for archival purposes:
> > http://www.imc.org/ietf-openpgp/mail-archive/msg04624.html
> > 
> > I wouldn't be against LZMA if it was significantly better than BZIP2.
> 
> My understanding of the reason behind compression in OpenPGP is that it
> was less to give you a smaller output file than it was to reduce obvious
> redundancy in the message so as to improve resistance to cryptanalysis.

No.  Removing obvious redundancy is a nice side benefit, but
compression is not intended to be secure in any way.  If the cipher
isn't enough to make you safe without compression, you're not going to
be really safe no matter what you do with compression.

> Is it cryptographically useful to have LZMA over zlib or bzip2?

No.  But similarly, it is not really cryptographically useful to have
bzip2 over zlib.  Or zlib over zip.

> Wouldn't a better approach be to add detection of compressed data to
> GnuPG?  This way it can turn off compression if it sees precompressed
> data.  If you are looking for better compression, you can then pipe your
> data through your compressor-du-jour first, and then run it through GnuPG.

GnuPG in fact does this.

David
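
The precompressed-data detection discussed in the message above can be done by checking the leading signature bytes of the input before deciding whether to compress. The sketch below is an added example, not GnuPG's code and not part of the original message; the function names `sniff_compression` and `should_compress` and the choice of formats are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Formats recognised by their leading signature bytes. */
enum comp_kind { COMP_NONE = 0, COMP_GZIP, COMP_BZIP2, COMP_ZIP, COMP_XZ };

struct magic { enum comp_kind kind; size_t len; unsigned char bytes[6]; };

static const struct magic MAGICS[] = {
    { COMP_GZIP,  3, { 0x1f, 0x8b, 0x08 } },            /* gzip, deflate method */
    { COMP_BZIP2, 3, { 'B', 'Z', 'h' } },               /* bzip2, level digit follows */
    { COMP_ZIP,   4, { 'P', 'K', 0x03, 0x04 } },        /* zip local file header */
    { COMP_XZ,    6, { 0xfd, '7', 'z', 'X', 'Z', 0 } }, /* xz container */
};

/* Hypothetical helper: classify a buffer by its first bytes.
 * Inputs shorter than a signature never match it. */
enum comp_kind sniff_compression(const unsigned char *buf, size_t n)
{
    for (size_t i = 0; i < sizeof MAGICS / sizeof MAGICS[0]; i++) {
        const struct magic *m = &MAGICS[i];
        if (n < m->len || memcmp(buf, m->bytes, m->len) != 0)
            continue;
        /* bzip2: the fourth byte must be the block-size digit '1'..'9',
         * otherwise ordinary text starting with "BZh" would match. */
        if (m->kind == COMP_BZIP2 && (n < 4 || buf[3] < '1' || buf[3] > '9'))
            continue;
        return m->kind;
    }
    return COMP_NONE;
}

/* Policy: compress unless the input already looks compressed. */
int should_compress(const unsigned char *buf, size_t n)
{
    return sniff_compression(buf, n) == COMP_NONE;
}
```

A signature check only recognises the formats it lists; data compressed with anything else is simply compressed a second time, which costs CPU and a few bytes but is otherwise harmless.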


