Don't they also generally depend on the attacker either having access to a steady stream of crypto-events, or being able to cause them? i.e. you either watch a loaded system doing encryption, or create some load and time it yourself.

Neither of which would be relevant to an offline file format.