
The rule is: never compress something secret together with something potentially attacker-influenced.

If the attacker can influence the traffic, they can potentially gather information about the secret by examining the effect of differing traffic patterns on the size of the encrypted result.




No, the rule is: never compress something secret together with something potentially attacker-influenced, at least if the length of the compressed data leaks.


Fixed. That was a typo/thinko.


That's an excellent rule, but that doesn't cover the other example used about voice communications.
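The length leak discussed in this thread, as an added example that is not part of any comment: it compares the compressed size for a guess that matches the secret against one that does not, first with a shared compression context and then with separate ones. The secret, the `session=` and `q=` field names, and the helper functions are constructed for illustration.

```python
import zlib

# Constructed sample values; not taken from any real system.
SECRET = b"7f3a9c1e5b2d4a68"
RIGHT_GUESS = SECRET
# Same bytes reversed: identical length and byte counts, but no run shared with SECRET.
WRONG_GUESS = SECRET[::-1]


def joint_len(secret: bytes, attacker: bytes) -> int:
    """Secret and attacker-influenced bytes share one compression context."""
    return len(zlib.compress(b"session=" + secret + b"&q=session=" + attacker))


def separate_len(secret: bytes, attacker: bytes) -> int:
    """Each part is compressed in its own context before transmission."""
    return (len(zlib.compress(b"session=" + secret))
            + len(zlib.compress(b"q=session=" + attacker)))


def length_signal(measure) -> int:
    """Size difference an observer sees between a wrong and a right guess.

    Encryption applied afterwards does not hide this: ciphertext length
    tracks the length of the compressed plaintext.
    """
    return measure(SECRET, WRONG_GUESS) - measure(SECRET, RIGHT_GUESS)


if __name__ == "__main__":
    # Shared context: the matching guess collapses into one back-reference,
    # so the output is measurably shorter.
    print("joint context   :", length_signal(joint_len), "bytes of signal")
    # Separate contexts: the attacker's bytes can never reference the secret,
    # so the size no longer depends on whether the guess matches.
    print("separate context:", length_signal(separate_len), "bytes of signal")
```
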



