ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Disabling compression in OpenPGP

2014-03-19 11:43:33

In general, I see two patterns:
- Compression incidentally thwarts some attacks
- Compression fundamentally breaks privacy by leaking plaintext entropy (see 
the Wikimedia Foundation case for a quite convincing example)


In general, compression does the opposite of your second bullet. It *protects* 
privacy by taking things that are typically not pseudo-random (what you're 
calling entropic) -- e.g. text -- into something that is highly pseudo-random.

In specific cases, *flaws* in this conversion when combined with an interactive 
protocol can lead to an attack that is in general, not applicable to a 
non-interactive protocol with large amounts of compressed data.

But in general, this benefits the defender, as the attacker has no idea what 
the *actual* plaintext is (the compressed data) unless they know the base 
plaintext is, and small inaccuracies in the attackers guess lead to large 
differences.

Of course, I could be wrong. I offered an outline for research where you could 
come up with some results that would be impressive. Why not do some work on it?

        Jon


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp