[AusNOG] Encrypt and compress, or compress and encrypt?

Chris Barnes chris.p.barnes at gmail.com
Fri Nov 18 17:00:14 EST 2016


My best guess is to compress first because of the dictionary coding method
used by a lot of compression algorithms.

If you encrypt first the dictionary coding function won't have much to work
with.


On Fri, 18 Nov 2016, 16:29 Ross Wheeler <ausnog at rossw.net> wrote:

>
> Esteemed geeks, I seek your considered input.
>
> As part of "that which we may not discuss", I am seeking arguments as to
> precedence.
>
> If I have a plain-text log file on machine (a), that I wish to store
> securely for some period on machine (b), is it better to encrypt the file
> first and then compress it, or to compress it first and then encrypt it?
> Either way, it will be encrypted before it leaves machine (a) over an ssh
> link, and will be stored in the (compressed and encrypted) form on the
> storage device.
>
> I think compression is likely to be vastly superior for text files than
> binary files, so compression first, then encrypt the (binary) file, and
> indeed a couple of quick tests shows files are 10-15 times larger if I
> encrypt first. (330KB vs 5500KB, 125KB vs 1611KB). Given there will be a
> lot of files to copy daily, the savings in transmission time, storage and
> possibly CPU (must be easier to encrypt a small file than a large one),
> this looks like the clear winner.
>
> I'm not sure there's much difference either way when extracting data, but
> if anyone knows of a pitfall in this process, I'd rather hear about it
> before I get too far down the road!
>
> Thanks guys, and have a good weekend... it's almost beer oclock!
>
> R.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20161118/ba8bcff1/attachment.html>


More information about the AusNOG mailing list