[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?
Bill Cox
waywardgeek at gmail.com
Thu May 7 11:03:36 EDT 2015
On Wed, May 6, 2015 at 2:03 PM, Ben Laurie <ben at links.org> wrote:
> Compression is fundamentally problematic.
>
>
> http://en.wikipedia.org/wiki/Transport_Layer_Security#CRIME_and_BREACH_attacks
>
> http://www.links.org/?p=127 <http://www.links.org/?p=1277>
We need a way to tell the lower-level transport to not encrypt the most
sensitive data, by inserting a marker into the stream that disables/enables
compression. This would not stop all data leakage, but at least it could
help protect security tokens and other keys.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150507/2a911da0/attachment.html>
More information about the cryptography
mailing list