Jay Prime Positive writes:
From: Martin Janzen <janzen@idacom.hp.com> Date: Fri, 27 May 94 14:43:02 MDT
Most compression programs add a characteristic signature to the beginning of the compressed output file. If a cryptanalyst guesses that you may be compressing before encrypting, wouldn't this make his job easier? To me, this sounds as though you're adding a known bit of "plaintext" to the start of each message.
In short, you are right, compression algorithms often _do_ include a magic number at the begining.
However, compression algorithms intended for cryptographic applications don't have to include a magic number. This is especialy true if the crypto system is never used without the compression algorithm. [...]
OK; so ideally this is something that would be built in to one's encryption/decryption program. I was thinking of UNIX compress, gzip, and the like.
Finaly, the state of the art in cryptanalysis (as far as I know), sugests that modern crypto systems aren't as vulnerable to known plaintext as past systems. The best attacks I know of (differential, and linear cryptanalysis) require masive (about 2^30 blocks for DES) amounts of known, or chosen, plaintext -- though miniscule relative to the key size (2^56 again for DES).
That's good to know! Thanks for the explanation, Jay. -- Martin Janzen janzen@idacom.hp.com Pegasus Systems Group c/o Hewlett-Packard, IDACOM Telecom Operation