[Cryptography] Summary: compression before encryption
Phillip Hallam-Baker
phill at hallambaker.com
Mon Jan 19 18:24:51 EST 2015
Reading through a lot of the replies, it occurs to me that compression
isn't the problem, lack of padding is.
If confidentiality is an issue then message length almost always reveals a
great deal. I added padding to my DNS Privacy proposal because I realized
how much is given away by the message length.
But I am starting to think that the rule should be 'always pad if
confidentiality is an issue'.
In most cases, confidentiality is only a weak concern, its authenticity
that is the prime Web concern most times.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150119/fd5afd65/attachment.html>
More information about the cryptography
mailing list