Re: Compression and crypto



David Eather wrote:
May I play devil's advocate with a scenario? A TLA
suspects an individual of something bad (perhaps they have advocated
square dancing where the number of participants is a prime number?).
They monitor e-mails from this individual, looking for any of a dozen
inflammatory messages that are being circulated in subversive groups
such as alt.dance. They do not find the messages but instead find two
encrypted messages, each matching the exact length (or exact length plus
MAC) of an inflammatory message. Even though the encryption is strong,
the square-dancing free thinker is hosed.

If he had used data compression he might have been OK (i.e. text has 1.3
bits of entropy per byte, therefore there are a lot more plausible
messages that could compress to that size - it is not so damning).

Is this a case of different threat models being applicable?

Everything you say makes sense to me. I can't argue with it. This is
a second good example of how pre-compression might help security (to go
along with the idea that reducing redundancy may make statistical attacks
harder). I suspect there's probably a bit of "horses for courses" going
on here. The real question is, Is pre-compression the best solution for
the problem, given a fixed budget? I don't deny that pre-compression may
help in some cases; but I suspect that there are often better solutions.
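
The length check from the scenario above, written as a small audit a sender could run on their own traffic. This is an added example, not part of either post; the 16-byte MAC size, the zlib compressor and the three sample messages are constructed assumptions.

```python
import zlib
from collections import defaultdict

TAG_LEN = 16  # assumed MAC size in bytes; the post only says "plus MAC"

# Constructed stand-ins for the circulated messages in the scenario.
CANDIDATES = {
    "flyer": b"Meet at the hall at seven. " * 10,
    "notice": b"Bring eleven dancers along. " * 10,
    "memo": b"Prime sets only. " * 10,
}

def wire_length(plaintext, compress=False, tag_len=TAG_LEN):
    """Bytes visible on the wire for a length-preserving cipher plus MAC."""
    body = zlib.compress(plaintext, 9) if compress else plaintext
    return len(body) + tag_len

def length_matches(observed, candidates, compress=False):
    """Known messages whose wire length equals the observed length."""
    return sorted(name for name, text in candidates.items()
                  if wire_length(text, compress) == observed)

def anonymity_sets(candidates, compress=False):
    """Group candidates by wire length; a group of one is uniquely identified."""
    groups = defaultdict(list)
    for name, text in candidates.items():
        groups[wire_length(text, compress)].append(name)
    return {length: sorted(names) for length, names in groups.items()}

if __name__ == "__main__":
    for compress in (False, True):
        label = "compressed" if compress else "raw"
        print(label, anonymity_sets(CANDIDATES, compress))
```

zlib is deterministic, so a message the observer already holds still maps to one compressed length; any ambiguity gained is among messages outside that known set.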