Arthur Britto wrote:
A known plain text attack is a vulnerability, but with a good encryption algorithm, very little can be gained even with a few known plaintext pairs. To the best of my knowledge, there are no known serious "known plaintext" attacks on Rijndael (but cryptanalysis methods improve daily). Even with a plaintext/cyphertext pair, you'll still need on the order of 2^255 cycles to find a matching key. However, the concern is reasonable for the long term if someone finds such a weakness in your cypher of choice.

Here is an example command to use symmetrical encryption with gpg:

cat passphrase.txt | gpg -c --no-secmem-warning --cipher-algo RIJNDAEL256 --command-fd 0 --yes -o OUTPUT INPUT

If you choose a pass phrase you can remember, you need never worry about losing a floppy or piece of paper with a private key. Having known plain text in the data you encrypt significantly weakens your security.
Hmm... if the archive always starts with the same plain text, you don't really gain any information (other than the fact that it always starts with the same plain text). If it were in other parts of the file, and you were encrypting in ECB mode, someone might be able to start picking apart separate files to attack (potentially in a larger known plaintext attack if they can get the original files).

In particular, since you are making multiple files with the same pass phrase, having the same known plain text could be particularly bad.
Yes, but the first block will be 32 bytes long. I believe tar files start with the file name. So an attacker will need to know what the first file name is.

If you are using tar or a similar program to create the file which you are backing up, then the back up file will have a fixed sequence of characters at the very beginning. This is known plain text.
As long as you are using CBC or some other feedback mode, yes - this will improve the security. Without going into a lot of detail (you'd be better reading a good crypto book) - known plaintext attacks are vulnerable to this countermeasure whereby each successive block is dependent on the previous block's data. In ECB mode, you essentially have a dictionary that is indexable between plaintext and cyphertext blocks. A very large dictionary - given.

Unfortunately, I am not able to recall where I heard this and would appreciate if anyone can provide the source or refute the following: To eliminate a weakness with known plain text at the very beginning of a file to be encrypted, you can insert a fixed amount of random data before the data you are encrypting. When decrypting your data, you simply discard the random data after decryption. Ideally gpg would do this for you, but I have not checked the program to see if it does this. <snip>
So, if you were to employ this paranoid (although when encryption is being discussed, that is a compliment) strategy, you'd really want to start with a random file name:
# 16 random bytes as 32 zero-padded hex digits (a bare "%x" would group bytes and drop leading zeros)
NAME=`dd if=/dev/urandom count=16 bs=1 2>/dev/null | hexdump -e '16/1 "%02x"'`
touch "/tmp/$NAME"
# the random-named empty file goes first so it occupies the first tar header
tar -cf "$ARCHIVE_NAME" "/tmp/$NAME" $FILES_FOR_ARCHIVE
rm "/tmp/$NAME"
... that will give you a mostly random first 32 bytes, and won't require manipulating the tar archive directly (like prefixing the file with garbage). This would protect you from a known cyphertext attack on the first block, and set up the CBC for the remaining with a good random initial vector.
I'm not sure how to tell gpg to use a particular encryption mode (ECB/CBC), so I can't help you there.
--
[EMAIL PROTECTED] mailing list
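The tar-header point made in the thread, as an added example that is not part of the original posts: it builds small archives with Python's standard tarfile module and counts how many of the first 32 bytes (one Rijndael-256 block) an attacker who guesses the first member name gets right, with and without a random leading member. The "tmp/" prefix is an assumption mirroring the thread's /tmp/$NAME, since tar strips the leading slash from member names.

```python
import io
import os
import tarfile

BLOCK = 32  # Rijndael-256 block size in bytes, as discussed in the thread


def build_tar(members):
    """Build an in-memory ustar archive from (name, data) pairs, in order.

    In the ustar header, bytes 0..99 hold the member name, NUL-padded, so
    the first cipher block of an encrypted archive is just the first name.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, data in members:
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            info.mtime = 0  # constructed, fixed timestamp
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def first_block(archive):
    """The plaintext that lands in the first 32-byte cipher block."""
    return archive[:BLOCK]


def random_member_name(prefix=""):
    """Random leading member name, like the thread's /tmp/$NAME (prefix assumed 'tmp/')."""
    return prefix + os.urandom(16).hex()


def guessable_leading_bytes(archive, guessed_name):
    """Number of leading bytes of the first block an attacker predicts correctly
    from a guessed first member name, i.e. the known plaintext they actually get."""
    expected = guessed_name.encode().ljust(BLOCK, b"\0")[:BLOCK]
    matched = 0
    for actual, guess in zip(first_block(archive), expected):
        if actual != guess:
            break
        matched += 1
    return matched


if __name__ == "__main__":
    payload = b"root:x:0:0:root:/root:/bin/sh\n"  # constructed sample content
    plain = build_tar([("etc/passwd", payload)])
    padded = build_tar([(random_member_name("tmp/"), b""), ("etc/passwd", payload)])
    print("known bytes, plain archive :", guessable_leading_bytes(plain, "etc/passwd"))
    print("known bytes, random member :", guessable_leading_bytes(padded, "tmp/"))
```

Only the "tmp/" prefix remains predictable in the padded archive; dropping the directory prefix (or using a random name with no fixed part) removes even that.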
