[Info-vax] Current state of file/disk encryption on VMS

[Alexander Schreiber]

Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
> On 2022-09-01 20:45:30 +0000, Alexander Schreiber said:
>
>> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>> 
>>> If BACKUP is encrypting data before performing data compression, that's 
>>>  a design bug in BACKUP.
>> 
>> Well, that is actually the right thing do to from a crypto security 
>> point of view. Compressed files tend to have specified headers and 
>> structures, which means that "compress, then encrypt" potentially 
>> enables a nice automatic known plaintext attack. And I suspect that is 
>> the reason it was done this way.
>
> If your chosen encryption reveals your plaintext, your encryption needs 
> help. Whether ghostly penguins, or otherwise.

*sigh*

That is _not_ what "know plaintext attack" means. It means you have
the encrypted message and somehow, through other means, got (part)
of the plaintext. E.g. in WW2 ciphers where broken by this because
the used (known) standard headers and known standard text in known
places (e.g. standard greeting of "Heil Hitler" - now run the brute
forcer until it finds a key that makes the ciphertext decrypt to that).

With modern fileformats, standard headers serve this role - e.g. if
you know that you have an encrypted JPEG image, you know that the
plaintext has a certain header structure (in this case, including
the string "JFIF") you have some help ;-)

One way to guard against this (as has been pointed out elsewhere in
this thread) is to use proper encryption algorithms and protocols
(e.g. AES with random IV in CBC mode), correctly implemented.

Kind regards,
           Alex.
-- 
"Opportunity is missed by most people because it is dressed in overalls and
 looks like work."                                      -- Thomas A. Edison