[Cryptography] Is there a good algorithm providing both compression and encryption at the same time?

ianG iang at iang.org
Sat May 16 11:05:11 EDT 2015


On 16/05/2015 02:08 am, Ryan Carboni wrote:
>     HTTPS everywhere should be effective against casual snooping, e.g.,
>     watch all the web traffic through a proxy and look for naughty words.
>     It's certainly not a magic bullet against a determined opponent who's
>     looking at a specific target.
>
>     R's,
>     John
>
>
> A 32768-bit block cipher would make what you are saying true (and would
> also be good for hard disk encryption).
>
> But one can determine things with 16-byte precision with modern ciphers.
>
> And one does not usually look at one wikipedia page.
>
> And one does not look for people on a case by case basis.
>
> One looks for patterns. The fact that your name has appeared on this
> list may or may not merit the expenditure of an additional hundred
> thousand CPU cycles. And there are other things, one does not need to
> know what web pages you look at, simply what websites you look at. All
> resources are finite. So it all amounts to prioritization.



All this is true.  But there is one thing that makes OS (opportunistic 
security) a winner whereas every other approach is a loser.

Opportunistic Security is the on-ramp.

It is practically impossible to move a totally unsecured platform like 
HTTP across to HTTPS.  For this we have evidence: when HTTPS was 
released, it immediately caused a bifurcation which opened up the 
downgrade attack to phishing, which made HTTPS approximately child's play 
to defeat in secure browsing.

The problem then is how to get the 99% to start using SSL?  Because 
HTTPS doesn't work as a security model unless pretty much all your 
traffic is on SSL.

The answer is, perversely:  opportunistic security, as an on-ramp.  If 
all of HTTP migrates to HTTPS opportunistically, it becomes much easier 
to upgrade the OS protocol by adding in certs and TOFU and what have you 
than without.  It's an up-switch, drive up the on-ramp, no more, users 
just absorb the improvement in the highway without having to do a thing.

Whereas if you pick and poke at any one connection and prove through 
decades of inscrutable wisdom that it is insecure, you're looking at 
leaves falling off the tree when the wind rustles through.  You aren't 
seeing the tree, let alone the forest.

It really isn't about whether any one connection can be attacked.  It's 
about the overall balance between protecting those we want to protect 
and not wasting energy on perfect security;  making it easy enough so 
that the medium-grade protection users deserve is available by default, 
and hard enough such that the dedicated attackers just go in and hack 
their machines.

To further strain the metaphors, right now, we're looking at 
deforestation.  We want to get back to sustainable logging.



iang
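
The "16-byte precision" point in the quoted text above, as an added example that is not part of the original thread: a toy model of how the padded ciphertext length alone narrows down which page was fetched, and how a much larger block size blurs that. The article names and byte sizes are constructed for illustration, the cipher is modelled only as "pad up to a whole number of blocks", and TLS record framing, MAC and nonce overhead are ignored.

```python
import math
from collections import defaultdict

# Constructed sample: hypothetical article names and their sizes in bytes.
# These numbers are made up for illustration, not measured from any real site.
PAGES = {
    "article_a": 48_212,
    "article_b": 48_230,
    "article_c": 61_904,
    "article_d": 62_001,
    "article_e": 130_572,
    "article_f": 131_080,
}


def padded_len(plaintext_len: int, block_size: int) -> int:
    """Ciphertext length after padding the plaintext up to whole blocks.

    Models a block cipher mode whose output is a multiple of the block size;
    transport framing and authentication tags are deliberately ignored.
    """
    if plaintext_len < 0 or block_size <= 0:
        raise ValueError("length must be non-negative and block size positive")
    return math.ceil(plaintext_len / block_size) * block_size


def length_buckets(pages: dict, block_size: int) -> dict:
    """Group pages by the ciphertext length a passive observer would see."""
    buckets = defaultdict(list)
    for name, size in pages.items():
        buckets[padded_len(size, block_size)].append(name)
    return dict(buckets)


def candidates(observed_len: int, pages: dict, block_size: int) -> list:
    """Pages consistent with one observed ciphertext length."""
    return sorted(length_buckets(pages, block_size).get(observed_len, []))


def distinct_lengths(pages: dict, block_size: int) -> int:
    """How many different ciphertext lengths the page set produces."""
    return len(length_buckets(pages, block_size))


def leaked_bits(pages: dict, block_size: int) -> float:
    """Bits of information about the page identity revealed by length alone.

    Computed as H(page) - H(page | length), assuming every page is equally
    likely to be requested.
    """
    n = len(pages)
    h_page = math.log2(n)
    h_cond = 0.0
    for names in length_buckets(pages, block_size).values():
        p_bucket = len(names) / n
        h_cond += p_bucket * math.log2(len(names))
    return h_page - h_cond


if __name__ == "__main__":
    for block in (16, 32_768):
        print(f"block size {block:>6}: {distinct_lengths(PAGES, block)} distinct "
              f"lengths, {leaked_bits(PAGES, block):.2f} bits leaked")
        for length, names in sorted(length_buckets(PAGES, block).items()):
            print(f"  {length:>7} bytes -> {', '.join(sorted(names))}")
```

With a 16-byte block every constructed page lands in its own bucket, so the length identifies the page outright; padding to 32768 bytes collapses four of the six into one bucket and roughly halves the information leaked. Real traffic analysis also has timing, resource counts and sizes of sub-resources to work with, so this is a lower bound on what an observer learns, not an upper one.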

