[Cryptography] Summary: compression before encryption
Phillip Hallam-Baker
phill at hallambaker.com
Tue Jan 13 23:22:35 EST 2015
On Tue, Jan 13, 2015 at 5:23 PM, Nemo <nemo at self-evident.org> wrote:
> Nice summary, with one nitpick...
>
> Stephan Neuhaus <stephan.neuhaus at zhaw.ch> writes:
>
> > Another respondent (albert at puigsech.com) argued that
> > Encrypt-then-Compress was also an option ("has its pros")
>
> Compression after encryption is nonsense. Under any modern definition of
> "secure", a secure cipher's output is computationally indistinguishable
> from random noise, which is not compressible.
>
> Put another way, to compress the long-run output of a cipher is to break
> it, by definition.
>
Its a little off topic but not much, but Rob Stradling and I have a way to
compress CRLs that are essentially just collections of hashes.
Yes, it is not possible to compress encrypted data if the encryption is any
good and this is actually a good check to see if you have goofed by using
ECB or whatever. But don't be too sure that random data can't compress.
Sometimes it can - we get down to 3-4 bits per revoked cert.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150113/e0208116/attachment.html>
More information about the cryptography
mailing list