[Info-vax] Current state of file/disk encryption on VMS

Alexander Schreiber als at usenet.thangorodrim.de
Thu Sep 1 16:45:30 EDT 2022 

Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2022-08-18 22:50:38 +0000, Rich Jordan said:
>
>> Wee!, its audit time again!
>> 
>> I reviewed the VSI site and didn't see mention but thought I would ask 
>> here also.
>
>> And backup savesets can be encrypted, but at the cost of both increased 
>> time and the loss of compression (which is often a substantial time and 
>> space saver itself).
>
> If BACKUP is encrypting data before performing data compression, that's 
> a design bug in BACKUP.

Well, that is actually the right thing do to from a crypto security
point of view. Compressed files tend to have specified headers and
structures, which means that "compress, then encrypt" potentially
enables a nice automatic known plaintext attack. And I suspect that
is the reason it was done this way.

And yes, my personal backups do the "archive, compress, encrypt"
dance because "someone with enough resources to run a known plaintext
attack against my backups" is not part of my threat scenarios, I'm
not exactly a very high profile (or profitable even) target, to put it
mildly.

> Properly encrypted data is not compressible, but properly compressed 
> data can be encrypted.

Of course once encrypted, compression doesn't really serve a purpose
except eat some CPU time.

> And yes, OpenVMS systems are comparatively slow, and supported 
> processors prior to x86-64 are lacking in encryption acceleration 
> hardware features.
>
> https://en.wikipedia.org/wiki/AES_instruction_set
>
> While most (all?) recent x86-64 hardware does have hardware 
> acceleration support for encryption, I'd assume OpenVMS x86-64 is not 
> (yet?) using that.

I would hope that will happen soon, as pretty much any supported
platform for OpenVMS amd64 probably can be safely assumed to have
AESNI (and it is easy to check).

Kind regards,
          Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison

More information about the Info-vax mailing list