Re: [openpgp] Disabling compression in OpenPGP

On Wed, Mar 19, 2014 at 02:16:16PM -0700, Gregory Maxwell wrote:
> On Wed, Mar 19, 2014 at 1:47 PM, Jon Callas <jon(_at_)callas(_dot_)org> wrote:
> > What's being leaked by compression? Really, I don't get it.
> Some people like a demonstration.
>
> Consider that I'm going to cast one of two ballots in a secret ballot
> election. The ballots are just permutations of eachother so they are
> the same size.
>
> https://people.xiph.org/~greg/ballot.1
> https://people.xiph.org/~greg/ballot.2
>
> I encrypt my secret ballot to the election officials with the public
> key at https://people.xiph.org/~greg/openpgp_testpubkey.asc
>
> using the command:
> gpg -ear 9C28FC94 --compress-algo ZIP --compress-level 9 ballot.X
> (just being explicit for consistency sake, using GPG 1.4.16 in Fedora
> 19)
>
> And I get the encrypted result of
> https://people.xiph.org/~greg/ballot.secret.asc
>
> Which ballot did I cast?   Anyone?
After realizing that I needed to account for the size of the "Version:"
string I got the exact same size as your secret for ballot.1, so I'm
guessing that was your vote.

Am I right?

-- 
'peter'[:-1]@petertodd.org
0000000000000000c7cb0567f1dddff05db43f9d2c32acdb26e89e69eb80c492

signature.asc
Description: Digital signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp