[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?
huitema at huitema.net
Sun May 10 13:54:28 EDT 2015
On May 10, at 6:16 AM, Peter Guttmann wrote
> And in general you need to ask "safe against what?" rather than just saying
> "safe" or "unsafe". Most users of crypto don't know or care about traffic
> analysis, it's only a tiny subset of security geeks who do, so any definition
> of "safe" doesn't need to include "safe against traffic analysis". When I
> used the term "safe" I meant "safe against anything that EDI users care
> about", for example.
It depends on the application. If it uses fixed length message, e.g., 20 milliseconds of audio, then using variable length compression is very revealing. If it is subject to data injection, variable length compression enables guessing attacks. If it uses variable length messages, like web pages, then variable length compression does not reveal more than not compressing. For the latter, random padding looks tempting. But I fear that the random padding has to be statistically as large as the standard deviation between the message lengths.
-- Christian Huitema
More information about the cryptography