win32sux |
02-25-2011 06:40 AM |
Quote:
Originally Posted by Ulysses_
(Post 4270796)
What if the bad guys have all the versions of the encrypted gzipped-tarball you have ever saved?
|
It wouldn't make any difference.
The assumption is, from the start, that the bad guys will have complete access to the ciphertext.
Quote:
Do the versions differ in just as few bytes or are they entirely different from beginning to end?
|
The difference between the plaintext in one version and the next could be a single character, and the bad guys wouldn't know it. In fact, they wouldn't even know if there weren't any changes at all made to the data. This is because a new key is used for every upload, making it extremely difficult (cryptographically speaking) for the bad guys to analyze the relationship between one version and the next (the ciphertext will be completely different).
I'm assuming that a remote TrueCrypt volume doesn't provide this kind of feature/benefit, but I may be mistaken. Honestly, I don't use TrueCrypt (and I'm not familiar with it) so it would be unfair for me to comment on its inner-workings. All I can say is that it would be really, really weird if the TrueCrypt developers haven't thought about the scenario you're presenting.
Hopefully, someone knowledgeable with TrueCrypt can shed light on the particulars involved.
Quote:
Likewise, what if the bad guys have all the versions of the truecrypt volume?
|
Again, any cryptographic solution will need to assume (from as early as the design phase) that the bad guys have access to all the ciphertext, so that doesn't change anything.
Quote:
Edit: Let's say the bad guys guess you are saving bookmarks, therefore they know you only add a bookmark's worth of plaintext at the end of each version.
|
In the gzipped-tarball scenario, this wouldn't be computationally feasible, so I'm gonna assume you're referring to TrueCrypt, in which case all I can really say is that there's nothing wrong with them making an educated guess (see my previous point about statistical analysis).
|