[Info-vax] Current state of file/disk encryption on VMS
Alexander Schreiber
als at usenet.thangorodrim.de
Fri Sep 2 17:13:03 EDT 2022
Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 9/1/2022 4:45 PM, Alexander Schreiber wrote:
>> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>> On 2022-08-18 22:50:38 +0000, Rich Jordan said:
>>>> And backup savesets can be encrypted, but at the cost of both increased
>>>> time and the loss of compression (which is often a substantial time and
>>>> space saver itself).
>>>
>>> If BACKUP is encrypting data before performing data compression, that's
>>> a design bug in BACKUP.
>>
>> Well, that is actually the right thing to do from a crypto security
>> point of view. Compressed files tend to have specified headers and
>> structures, which means that "compress, then encrypt" potentially
>> enables a nice automatic known plaintext attack. And I suspect that
>> is the reason it was done this way.
>>
>> And yes, my personal backups do the "archive, compress, encrypt"
>> dance because "someone with enough resources to run a known plaintext
>> attack against my backups" is not part of my threat scenarios, I'm
>> not exactly a very high profile (or profitable even) target, to put it
>> mildly.
>
> I don't think AES with random IV and block chaining is vulnerable to
> known plain text attacks even with very valuable data aka large
> resources available (at least no such attack possibility has been
> publicized).

Yes, AES with properly random IV and CBC mode is resistant against
it as far as we know, it is not. And the size of the key space will
keep the spectre of brute force attacks away for quite some time.

Kind regards,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison