[Cryptography] Summary: compression before encryption

Phillip Hallam-Baker phill at hallambaker.com
Mon Jan 19 18:24:51 EST 2015

Reading through a lot of the replies, it occurs to me that compression
isn't the problem, lack of padding is.

If confidentiality is an issue then message length almost always reveals a
great deal. I added padding to my DNS Privacy proposal because I realized
how much is given away by the message length.

But I am starting to think that the rule should be 'always pad if
confidentiality is an issue'.

In most cases, confidentiality is only a weak concern, its authenticity
that is the prime Web concern most times.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150119/fd5afd65/attachment.html>

More information about the cryptography mailing list