Re: [openpgp] Disabling compression in OpenPGP
Jon Callas <jon@callas.org> Wed, 19 March 2014 16:43 UTC
Return-Path: <jon@callas.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F210C1A07DF for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 09:43:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o-PqdoGsnIwF for <openpgp@ietfa.amsl.com>; Wed, 19 Mar 2014 09:43:29 -0700 (PDT)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id BD2A81A07DC for <openpgp@ietf.org>; Wed, 19 Mar 2014 09:43:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id EC5CF4F97386; Wed, 19 Mar 2014 09:43:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id frznN44Jp4ph; Wed, 19 Mar 2014 09:43:11 -0700 (PDT)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id B18B24F9736A; Wed, 19 Mar 2014 09:43:09 -0700 (PDT)
Received: from [10.0.23.30] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Wed, 19 Mar 2014 09:43:11 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Wed, 19 Mar 2014 09:43:11 -0700
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <CALR0uiL0-Xp8E=F3idtzBkmRNLk7K_M_cqMt+i2HdNqaNkwn=w@mail.gmail.com>
Date: Wed, 19 Mar 2014 09:43:07 -0700
Message-Id: <849778F8-1C16-4FF8-A039-6363C158BD1F@callas.org>
References: <CALR0uiJG6GcngWMUkg6NrP7_4uwf8+QDn6aMF-qonOpRMLdo3w@mail.gmail.com> <95BD0817-D762-41DD-8444-A0C4F7AF1003@jabberwocky.com> <CALR0uiL0-Xp8E=F3idtzBkmRNLk7K_M_cqMt+i2HdNqaNkwn=w@mail.gmail.com>
To: Alfredo Pironti <alfredo.pironti@inria.fr>
X-Mailer: Apple Mail (2.1874)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/2MMgwfP59K6lt6w01agCjEG0Ovw
Cc: David Shaw <dshaw@jabberwocky.com>, openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] Disabling compression in OpenPGP
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 16:43:32 -0000
> > In general, I see two patterns: > - Compression incidentally thwarts some attacks > - Compression fundamentally breaks privacy by leaking plaintext entropy (see the Wikimedia Foundation case for a quite convincing example) In general, compression does the opposite of your second bullet. It *protects* privacy by taking things that are typically not pseudo-random (what you're calling entropic) -- e.g. text -- into something that is highly pseudo-random. In specific cases, *flaws* in this conversion when combined with an interactive protocol can lead to an attack that is in general, not applicable to a non-interactive protocol with large amounts of compressed data. But in general, this benefits the defender, as the attacker has no idea what the *actual* plaintext is (the compressed data) unless they know the base plaintext is, and small inaccuracies in the attackers guess lead to large differences. Of course, I could be wrong. I offered an outline for research where you could come up with some results that would be impressive. Why not do some work on it? Jon
- [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Simon Josefsson
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP David Shaw
- Re: [openpgp] Disabling compression in OpenPGP Andrey Jivsov
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Florian Weimer
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Jon Callas
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Peter Todd
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell
- Re: [openpgp] Disabling compression in OpenPGP Nicholas Cole
- Re: [openpgp] Disabling compression in OpenPGP Werner Koch
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP Werner Koch
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Alfredo Pironti
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP ianG
- Re: [openpgp] Disabling compression in OpenPGP Hauke Laging
- Re: [openpgp] Disabling compression in OpenPGP Gregory Maxwell