[AusNOG] Encrypt and compress, or compress and encrypt?

Satellite satellite at internode.on.net
Fri Nov 18 16:35:43 EST 2016


Encrypted data will never compress well - if the encryption algorithm is
strong the output will be close to random noise, which is for all practical
purposes, incompressible

Daniel.


-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Ross
Wheeler
Sent: Friday, 18 November 2016 4:29 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Encrypt and compress, or compress and encrypt?


Esteemed geeks, I seek your considered input.

As part of "that which we may not discuss", I am seeking arguments as to
precedence.

If I have a plain-text log file on machine (a), that I wish to store
securely for some period on machine (b), is it better to encrypt the file
first and then compress it, or to compress it first and then encrypt it?
Either way, it will be encrypted before it leaves machine (a) over an ssh
link, and will be stored in the (compressed and encrypted) form on the
storage device.

I think compression is likely to be vastly superior for text files than
binary files, so compression first, then encrypt the (binary) file, and
indeed a couple of quick tests shows files are 10-15 times larger if I
encrypt first. (330KB vs 5500KB, 125KB vs 1611KB). Given there will be a lot
of files to copy daily, the savings in transmission time, storage and
possibly CPU (must be easier to encrypt a small file than a large one), this
looks like the clear winner.

I'm not sure there's much difference either way when extracting data, but if
anyone knows of a pitfall in this process, I'd rather hear about it before I
get too far down the road!

Thanks guys, and have a good weekend... it's almost beer oclock!

R.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list