[Cryptography] Compression before encryption?
Tom Mitchell
mitch at niftyegg.com
Thu Jan 15 23:55:33 EST 2015
On Thu, Jan 15, 2015 at 11:56 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> At 04:22 AM 1/9/2015, Stephan Neuhaus wrote:
> >So, does any one know what paper I might be referring to? Or is there
> any other hard evidence (not personal opinion, however well-informed,
> please) that compression before encryption does or does not help?
>
> Sometimes forgotten about compression algorithms: if something is
> compressed, then at some point it gets uncompressed.
> <http://www.metzdowd.com/mailman/listinfo/cryptography>
>
Decompression bombs are interesting things. Files with holes, images and
more fit this space.
Before fail2ban and the like I once watched my error logs on a web server
and when it was fashionable to look for attack a specific dir or file to
hack into on like machines I tried compression bomb files to slow down the
script kiddies. Today that poke in the eye would be seen as a challenge
and might backfire but since it is a reverse denial of service it is worth
remembering. Most browser and net tools know how to deal with a .gz or
other compressed file when passed it in good faith. Now that I mentioned
this here the decompression side of scripted tools may well defend
themselves.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150115/eb9281a1/attachment.html>
More information about the cryptography
mailing list