Encryption Question

[irishScott]

So I recently subscribed to CrashPlan, but there are some documents (bills, employment info, stuff with my SSN, etc) and whatnot that I maintain in a TrueCrypt container. Obviously these are arguably the most important documents to back up, but I've heard that it could be possible for someone to decipher the keys based on multiple copies of the backup. Essentially the more I modify the container contents over time (and the more corresponding copies that get sent to crashplan) the easier time someone intercepting those copies would have decrypting the container.

I have no formal cryptographic education, so maybe I'm just not typing the right terms into Google, but I can't seem to find any info to confirm or deny this. Anyone know?

Note this concern is about privacy, not security. I have nothing to hide and I certainly don't suspect CrashPlan of attempting to crack my personal documents in their spare time; but I'm a perfectionist, and I like my privacy, at least on the critical stuff, to be as perfect as practical.

 

[Chiefcrowe]

This is the first I heard of that possibility. As far as I know, as long as you encrypt it with a strong scheme and a very strong password, you should be fine.

 

[Oakenfold]

I'm not familiar with this. If I'm understanding correctly you are asking if there is a weakness in the form of encryption algorithm that you have chosen to use with Truecrypt.

Go here http://www.truecrypt.org/docs/encryption-algorithms
Wikipedia the algorithm used on your container for weaknesses and search on the net for weaknesses in the algorithm. That should answer your question.
Oak

 

[Mark R]

It is a theoretical risk in encryption systems that if you have multiple copies of similar, but slightly different, data that information about your encryption keys can leak.

This technique has been used to analyse encryption systems for weaknesses, and when used to probe encryption it is called "differential cryptanalysis". (Interestingly, the NSA discovered this at least 10 years before it was invented by civilians, because they modified the DES encryption algorithm, invented by IBM, to be immune to it. People knew that the NSA had made changes, but no one could work out why, until a group of civilian cryptography researchers discovered the technique. They found that the original prototype DES was highly vulnerable, but the final DES was completely immune, and that's when they realised that the NSA had known all along).

Modern encryption algorithms, such as AES are designed and tested to be highly resistant to this type of attack. So in short, you don't need to worry.

 

[irishScott]

It is a theoretical risk in encryption systems that if you have multiple copies of similar, but slightly different, data that information about your encryption keys can leak.

This technique has been used to analyse encryption systems for weaknesses, and when used to probe encryption it is called "differential cryptanalysis". (Interestingly, the NSA discovered this at least 10 years before it was invented by civilians, because they modified the DES encryption algorithm, invented by IBM, to be immune to it. People knew that the NSA had made changes, but no one could work out why, until a group of civilian cryptography researchers discovered the technique. They found that the original prototype DES was highly vulnerable, but the final DES was completely immune, and that's when they realised that the NSA had known all along).

Modern encryption algorithms, such as AES are designed and tested to be highly resistant to this type of attack. So in short, you don't need to worry.

Good to know! Thanks for the background too!