From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Fri, 27 Dec 2019 17:27:46 +0100 (CET)
Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245])
 by v1.tansi.org (Postfix) with ESMTPA id 30E4914005E
 for <dm-crypt@saout.de>; Fri, 27 Dec 2019 17:27:35 +0100 (CET)
Date: Fri, 27 Dec 2019 17:27:45 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20191227162745.GA10947@tansi.org>
References: <CAENf94KvV4zJWNAYArZDyM6pz7xk8asEoADyEfmhBtGnMF8jGQ@mail.gmail.com>
 <fa8394fd-74d2-d56f-af9e-654627c7ea1a@mousecar.com>
 <xcsvcvspcwrfkq9qvp4d9nqh@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <xcsvcvspcwrfkq9qvp4d9nqh@localhost>
Subject: Re: [dm-crypt] How to compress LUKS2 header?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Fri, Dec 27, 2019 at 17:20:11 CET, Michael Kjörling wrote:
> On 27 Dec 2019 10:56 -0500, from gebser@mousecar.com (ken):
> > Compressing a file is one step in the encryption of that file.  So if
> > your LUKS2 header file is encrypted, it's also already compressed. 
> > Using ZIP on it would yield no further compression.
> 
> No, encryption does not imply compression. Rather, trying to compress
> ciphertext is a largely pointless exercise if the encryption is any
> good in the first place; therefore, _if_ you're going to compress the
> data you're encrypting (keeping in mind that doing so is not always a
> good idea; see compression oracle attacks), then you need to compress
> first, then encrypt, not the other way around.

Well, actually compressing encrypted data is very easy. It just 
has one mandatory condition that has to be met: You have to be able
to decrypt. Moden ciphers make sure you can only do that when
you have the key. 


> I'm pretty sure the LUKS header backup isn't compressed.

It is not. Also, the anti-forensic stripes are not encyption.
They are basically an all-or-nothing transformation and that 
is different form encryption.

Regards,
Arno

> -- 
> Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se
>  “Remember when, on the Internet, nobody cared that you were a dog?”
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> https://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier