Re: Compression and crypto

Thats the problem its a mistake waiting to bite you. You should assume
if you want security that it might be vulnerabe to a plaintext attack
I know, I know, with compression we usually put a non negligeable
quantity of known or predictable information to "housekeeping" to allow
uncompression.
However, a lot of known or predictable information is anyway featured
in the plaintext in a real world case: think what happens encrypting a
file of known format, we have the header and padding that are known to
the attacker; encryptiong a database, a lot of padding matherial or
some field may be as well be known or guessed, and so on.
Moreover the whole point of my post was that we should *always* assume
that the attacker have an arbitrary knowledge of the plaintext, and
still be not able to recover the key, nor to recover any single bit of
the message he/she doesn't know with a probability > 1/2^n where n is
the number of bit unknown to the attacker, so we anyway need to use
only cryptosystems known to not allow plaintext attack, and imediately
cease using cryptosystems were emerges such attacks, since relying on a
a perfect secrecy of the whole plaintext to te attacker is practically
very hard to obtain (however, I completely agree with you as it would
save us some headhackes making the whole category of plaintext attacks
infeasible, that would be really a good security feature!) and for
Kerckhoffs' principles we should not even need to assume it.

.

Relevant Pages

  • [NT] Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (MS03-044)
    ... Get your security news from a reliable source. ... A security vulnerability exists in the Help and Support Center function ... *Microsoft Windows Millennium Edition ... An attacker could exploit the vulnerability by constructing a URL that, ...
    (Securiteam)
  • [UNIX] Security Analysis of VTun
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... An attacker can modify ... Packet forwarding: ... password) as encryption key. ...
    (Securiteam)
  • [REVS] Security Considerations for Web-based Applications
    ... Get your security news from a reliable source. ... consequences of this ranges from the erosion of customer confidence in the ... of poorly implemented host naming procedures or web-application URL ... The attacker may choose to inject ...
    (Securiteam)
  • [NT] Windows Media Player Directory Traversal Vulnerability (WMZ)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... When Media Player 7 or 8 is installed, ... As most other Internet Explorer vulnerabilities, ... cannot be guessed by a potential attacker. ...
    (Securiteam)
  • [NT] MHTML vulnerability in Outlook Express
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in Outlook Express allows an attacker to run code of the ... If an attacker were to host a malicious website that contained an MHTML ...
    (Securiteam)