[Cryptography] Compression before encryption?

Henry Baker hbaker1 at pipeline.com
Thu Jan 15 14:56:13 EST 2015

At 04:22 AM 1/9/2015, Stephan Neuhaus wrote:
>So, does any one know what paper I might be referring to?  Or is there any other hard evidence (not personal opinion, however well-informed, please) that compression before encryption does or does not help?

Sometimes forgotten about compression algorithms: if something is compressed, then at some point it gets uncompressed.  If an attacker can send such a "compressed" message, then (s)he can send a _super-compressed_ message -- one which uncompresses into a super-sized message that will choke any buffer/memory allocation/swap partition/address space.  Such a supercompressed message is a buffer overflow on steroids.  Depending upon the compression algorithm, some uncompressed messages can be several exponentials larger than their compressed versions.  Some programs are unprepared for this explosion of bits.

More information about the cryptography mailing list