[Cryptography] Compression before encryption?

[Henry Baker]

At 04:22 AM 1/9/2015, Stephan Neuhaus wrote:
>So, does any one know what paper I might be referring to?  Or is there any other hard evidence (not personal opinion, however well-informed, please) that compression before encryption does or does not help?

Sometimes forgotten about compression algorithms: if something is compressed, then at some point it gets uncompressed.  If an attacker can send such a "compressed" message, then (s)he can send a _super-compressed_ message -- one which uncompresses into a super-sized message that will choke any buffer/memory allocation/swap partition/address space.  Such a supercompressed message is a buffer overflow on steroids.  Depending upon the compression algorithm, some uncompressed messages can be several exponentials larger than their compressed versions.  Some programs are unprepared for this explosion of bits.