[Info-vax] Current state of file/disk encryption on VMS
Arne Vajhøj
arne at vajhoej.dk
Thu Sep 1 19:37:39 EDT 2022
On 9/1/2022 4:45 PM, Alexander Schreiber wrote:
> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>> On 2022-08-18 22:50:38 +0000, Rich Jordan said:
>>> And backup savesets can be encrypted, but at the cost of both increased
>>> time and the loss of compression (which is often a substantial time and
>>> space saver itself).
>>
>> If BACKUP is encrypting data before performing data compression, that's
>> a design bug in BACKUP.
>
> Well, that is actually the right thing do to from a crypto security
> point of view. Compressed files tend to have specified headers and
> structures, which means that "compress, then encrypt" potentially
> enables a nice automatic known plaintext attack. And I suspect that
> is the reason it was done this way.
>
> And yes, my personal backups do the "archive, compress, encrypt"
> dance because "someone with enough resources to run a known plaintext
> attack against my backups" is not part of my threat scenarios, I'm
> not exactly a very high profile (or profitable even) target, to put it
> mildly.
I don't think AES with random IV and block chaining is vulnerable to
known plain text attacks even with very valuable data aka large
resources available (at least no such attack possibility has been
publicized).
Arne
More information about the Info-vax
mailing list