Re: NSA and crypto

Paul Rubin wrote:
The information theoretic argument is sound, it's just that if it
makes any practical difference, then AES is so insecure that we're all
in big trouble.

And, to continue the thought, under those premises, even compressing
before you AES encrypt will still be insecure as well (because no
compressor is perfect; any compression algorithm will leave enough
redundancy in the plaintext that you will quickly reach the unicity
distance). So if you believe that all security must rest on purely
information-theoretic foundations, then neither AES encryption on its own,
nor compression followed by AES encryption, is adequate.

Relevant Pages

  • Re: AES with constant key
    ...  But if the message file you encrypt say with straight AES ECB mode ... And thats if AES is perfect which is not likely. ... to trick people into using weak crypto so that the big 3 letter ... My Compression code ...
  • Re: Compression and crypto
    ... I try to decrypted it using AES or RIJNDAEL ... This occurs after the compression. ... combinations would the 128 bit fixed block decrypt to ...
  • Re: Bijective - an explanation please?
    ... >>use AES ... >This doesn't mean bijective compression is worthwhile, ... XORSP xor first byte of file with 0x05 ... 512 trys or less one could decrypt the message. ...
  • Re: Bijective - an explanation please?
    ... since it depends on many things inluding the input file distributions. ... file sizes that are commonly used with AES and 3DES. ... My Crypto code ... old version My Compression code ...
  • Re: Data Compression Before or After Encryption ?
    ... The total numbe rof possible block inputs to AES is 2^128. ... >> I am on the verge of writing my own adaptive huffman data compression ... >> Because a good encryption algorithm should hide the fact that some ... >> Especially for huffman compression it is important that some characters ...