发表新帖
发表新帖

Is it better to encrypt a message and then compress it or the other way around? Which provides more security?

前端 未结
关注
9 1273
离开以前
离开以前 2020-12-09 02:33

I have the assumption there is no added protection at all.

相关标签:
9条回答
  • 南旧
    2020-12-09 03:07

    There is no added security (as compression is not a security mechanism), but a properly encrypted message shouldn't be easily compressible (i.e. rule of thumb: if you can significantly compress an encrypted message, something is wrong).

    Therefore, compress then encrypt.

    0 讨论(0)
  • 别那么骄傲
    2020-12-09 03:13

    Warning: if an attacker controls part of the plaintext that gets compressed, and can observe the size of the resulting encrypted ciphertext, they may be able to deduce the rest of the plaintext, by adjusting the part that they control until the length of the ciphertext decreases (which implies that there was some repetition between the part of the plaintext they control and the secret part of the plaintext).

    See https://en.wikipedia.org/wiki/CRIME for example.

    0 讨论(0)
  • 我寻月下人不归
    2020-12-09 03:16

    Yep, there should be no difference in the security provided.

    0 讨论(0)
 看不清?
提交回复
热议问题