[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?

[Jerry Leichter]

On May 10, 2015, at 9:15 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Jerry Leichter <leichter at lrw.com> writes:
>> One can readily construct an example where this is false.  
>> [...]
> 
> Sure, you can come up with hypothetical examples to demonstrate almost
> anything about any crypto or security issue.  As used in EDI though, it's safe
> enough.
> 
> And in general you need to ask "safe against what?" rather than just saying 
> "safe" or "unsafe".  Most users of crypto don't know or care about traffic 
> analysis, it's only a tiny subset of security geeks who do, so any definition 
> of "safe" doesn't need to include "safe against traffic analysis".  When I 
> used the term "safe" I meant "safe against anything that EDI users care 
> about", for example.
Well, fine, but the responsibility is on use security geeks to understand what's safe and what's not and make sure the system is appropriate for its intended use - and the reasonably foreseeable additional uses to which it will be put.

And even then there will be surprises.  You'd have thought that compress-then-encrypt would be perfectly safe for VoIP, but as the article I cited earlier shows, you'd have been very wrong.
                                                        -- Jerry