[AusNOG] Encrypt and compress, or compress and encrypt?

Matt Perkins matt at spectrum.com.au
Fri Nov 18 16:47:35 EST 2016


GPG has a compress option from memory.

Matt


On 18/11/16 4:36 pm, r at js8.me wrote:
> Hey Ross,
>
> Encrypting a file introduces entropy, so there's usually little to
> nothing to be gained from compressing encrypted data.
>
> Probably not relevant to the specific situation you've described, but
> there are some instances where compression can leak data.  See this
> blog: https://blog.appcanary.com/2016/encrypt-or-compress.html
>
> -Richard
>
>
> On Fri, 18 Nov 2016, at 03:28 PM, Ross Wheeler wrote:
>> Esteemed geeks, I seek your considered input.
>>
>> As part of "that which we may not discuss", I am seeking arguments as to
>> precedence.
>>
>> If I have a plain-text log file on machine (a), that I wish to store
>> securely for some period on machine (b), is it better to encrypt the file
>> first and then compress it, or to compress it first and then encrypt it?
>> Either way, it will be encrypted before it leaves machine (a) over an ssh
>> link, and will be stored in the (compressed and encrypted) form on the
>> storage device.
>>
>> I think compression is likely to be vastly superior for text files than
>> binary files, so compression first, then encrypt the (binary) file, and
>> indeed a couple of quick tests shows files are 10-15 times larger if I
>> encrypt first. (330KB vs 5500KB, 125KB vs 1611KB). Given there will be a
>> lot of files to copy daily, the savings in transmission time, storage and
>> possibly CPU (must be easier to encrypt a small file than a large one),
>> this looks like the clear winner.
>>
>> I'm not sure there's much difference either way when extracting data, but
>> if anyone knows of a pitfall in this process, I'd rather hear about it
>> before I get too far down the road!
>>
>> Thanks guys, and have a good weekend... it's almost beer oclock!
>>
>> R.
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
/* Matt Perkins
         Direct 1300 137 379        Spectrum Networks Ptd. Ltd.
         Office 1300 133 299        matt at spectrum.com.au
                                    Level 6, 350 George Street Sydney 2000
         Spectrum Networks is a member of the Communications Alliance & TIO
*/



More information about the AusNOG mailing list