[Cryptography] Compression before encryption?

Tom Mitchell mitch at niftyegg.com
Thu Jan 15 23:55:33 EST 2015


On Thu, Jan 15, 2015 at 11:56 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 04:22 AM 1/9/2015, Stephan Neuhaus wrote:
> >So, does any one know what paper I might be referring to?  Or is there
> any other hard evidence (not personal opinion, however well-informed,
> please) that compression before encryption does or does not help?
>
> Sometimes forgotten about compression algorithms: if something is
> compressed, then at some point it gets uncompressed.
> <http://www.metzdowd.com/mailman/listinfo/cryptography>
>

Decompression bombs are interesting things.  Files with holes, images and
more fit this space.
Before fail2ban and the like I once watched my error logs on a web server
and when it was fashionable to look for attack a specific dir or file to
hack into on like machines I tried compression bomb files to slow down the
script kiddies.   Today that poke in the eye would be seen as a challenge
and might backfire but since it is a reverse denial of service it is worth
remembering.    Most browser and net tools know how to deal with a .gz or
other compressed file when passed it in good faith.    Now that I mentioned
this here the decompression side of scripted tools may well defend
themselves.

-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150115/eb9281a1/attachment.html>


More information about the cryptography mailing list