[AusNOG] Encrypt and compress, or compress and encrypt?

r at js8.me r at js8.me
Fri Nov 18 16:36:29 EST 2016


Hey Ross,

Encrypting a file introduces entropy, so there's usually little to 
nothing to be gained from compressing encrypted data.

Probably not relevant to the specific situation you've described, but
there are some instances where compression can leak data.  See this
blog: https://blog.appcanary.com/2016/encrypt-or-compress.html

-Richard


On Fri, 18 Nov 2016, at 03:28 PM, Ross Wheeler wrote:
> 
> Esteemed geeks, I seek your considered input.
> 
> As part of "that which we may not discuss", I am seeking arguments as to 
> precedence.
> 
> If I have a plain-text log file on machine (a), that I wish to store 
> securely for some period on machine (b), is it better to encrypt the file 
> first and then compress it, or to compress it first and then encrypt it?
> Either way, it will be encrypted before it leaves machine (a) over an ssh 
> link, and will be stored in the (compressed and encrypted) form on the 
> storage device.
> 
> I think compression is likely to be vastly superior for text files than 
> binary files, so compression first, then encrypt the (binary) file, and 
> indeed a couple of quick tests shows files are 10-15 times larger if I 
> encrypt first. (330KB vs 5500KB, 125KB vs 1611KB). Given there will be a 
> lot of files to copy daily, the savings in transmission time, storage and 
> possibly CPU (must be easier to encrypt a small file than a large one), 
> this looks like the clear winner.
> 
> I'm not sure there's much difference either way when extracting data, but 
> if anyone knows of a pitfall in this process, I'd rather hear about it 
> before I get too far down the road!
> 
> Thanks guys, and have a good weekend... it's almost beer oclock!
> 
> R.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


More information about the AusNOG mailing list