Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264838AbUDWPRJ (ORCPT ); Fri, 23 Apr 2004 11:17:09 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264842AbUDWPRJ (ORCPT ); Fri, 23 Apr 2004 11:17:09 -0400 Received: from p4.ensae.fr ([195.6.240.202]:17121 "EHLO pc809.ensae.fr") by vger.kernel.org with ESMTP id S264838AbUDWPQz (ORCPT ); Fri, 23 Apr 2004 11:16:55 -0400 From: Guillaume =?iso-8859-1?q?Lac=F4te?= Reply-To: Guillaume@Lacote.name Organization: Guillaume@Lacote.name To: =?iso-8859-1?q?J=F6rn=20Engel?= Subject: Re: Using compression before encryption in device-mapper Date: Fri, 23 Apr 2004 17:16:53 +0200 User-Agent: KMail/1.5.3 Cc: linux-kernel@vger.kernel.org, Linux@glacote.com References: <200404131744.40098.Guillaume@Lacote.name> <200404221506.43017.Guillaume@Lacote.name> <20040422160033.GB23746@wohnheim.fh-wedel.de> In-Reply-To: <20040422160033.GB23746@wohnheim.fh-wedel.de> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200404231716.53481.Guillaume@Lacote.name> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1936 Lines: 40 Feel free to ignore all of my reply; please note that I am not trying to "be right" or to "be wrong" but I still do not understand ... Thank you still for your time and pedagogy. > Yeah, sure, the attacker has no idea what the plaintext of those > blocks is, but if they appear often enough, it has to be something > quite common. Something like, say, all ones or all zeros. Or like > one of those 48 common huffman encodings thereof. > [...] > So what! You end up with maybe three bits per zero (assuming all > zeros). Depending on the size of random data up front, they start > with bit 1, 2 or 3. Makes 3*2^3 or 24 possibilities. Same for all > ones, give a total of 48. Great, a dictionary attack is 48x slower > now! > [...] > Still, towards the end of all-ones or all-zeros, each byte will be > encoded with the same 1-3bit value. The point I fail to understand is the following : you know the enciphered value of these 1-3bits. But how can you know what is compressed-but-deciphered 1-3bit value ? Ok my text contains only 0s. OK these 0s appear to be "011" once encrypted. How do you launch your dictionnary attack ? You do _not_ (?) know what the 3bit deciphered code for "0" is. Or maybe you do ? > [...] > In that case, what's your point. If the key is strong and the > encryption is strong (I sure hope, AES is), nothing short of brute > force can be successful. What are you protecting against? Maybe my "endless" story is absurd, but I am _not_ protecting against weak keys; I am trying to protected against weak _data_ , which is the basis for dictionnary attacks even in the case of perfectly random keys. Thank you for having read till here, Guillaume. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/