Chaotic evil is encrypting, compressing, then encrypting again.
The encryption: base64 encoding
The real question is do you encrypt-and-sign or sign-and-encrypt?
Anyone willing to drop some learning on a lay person? Is encrypted data less compressable because it lacks the patterns compression relies on?
Or, is it less secure to encrypt first because smart people things? I know enough about cryptography to know I know fuck all about cryptography.
ELI5 : Take the string AAAA.
A simple Cypher would be to change the letters to the next one in the alphabet and offset by 1 for each letter, the message would encrypt to ABCD.
If you try to compress that, well you can’t do it, otherwise you lose required information.
If you were to compress AAAA first, you could represent it as the string 4A. You can then encrypt that to 5B.
Encrypting is about adding entropy to a message. Compressing is about finding common groups and represent them differently so that the size is lower. Compressing an encrypted message is basically useless because you added so much entropy to the message that there are no more recognizable patterns to apply compression to.
It isn’t compressible at all, really. As far as a compression algorithm is concerned, it just looks like random data.
Imagine trying to compress a text file. Each letter normally takes 8 bits to represent. The computer looks at 8 bits at a time, and knows which character to display. Normally, the computer needs to look at all 8 bits even when those bits are “empty” simply because you have no way of marking when one letter stops and another begins. It’s all just 1’s and 0’s, so it’s not like you can insert “next letter” flags in that. But we can cut that down.
One of the easiest ways to do this is to count all the letters, then sort them from most to least common. Then we build a tree, with each character being a fork. You start at the top of the tree, and follow it down. You go down one fork for 0 and read the letter at your current fork on a 1. So for instance, if the letters are sorted “ABCDEF…” then “0001” would be D. Now D is represented with only 4 bits, instead of 8. And after reading the 1, you return to the top of the tree and start over again. So “01000101101” would be “BDBAB”. Normally that sequence would take 40 bits to represent, (because each character would be 8 bits long,) but we just did it in 11 bits total.
But notice that this also has the potential to produce letters that are MORE than 8 bits long. If we follow that same pattern I listed above, “I” would be 9 bits, “J” would be 10, etc… The reason we’re able to achieve compression is because we’re using the more common (shorter) letters a lot and the less common (longer) letters less.
Encryption undoes this completely, because (as far as compression is concerned) the data is completely random. And when you look at random data without any discernible pattern, it means that counting the characters and sorting by frequency is basically a lesson in futility. All the letters will be used about the same, so even the “most frequent” characters are only more frequent by a little bit due to random chance. So now. Even if the frequency still corresponds to my earlier pattern, the number of Z’s is so close to the number of A’s that the file will end up even longer than before. Because remember, the compression only works when the most frequent characters are actually used most frequently. Since there are a lot of characters that are longer than 8 bits and those characters are being used just as much as the shorter characters our compression method fails and actually produces a file that is larger than the original.
I understood this despite being drunk, thank you for the excellent explanation!
Don’t know about gz but zip files can be encrypted using passwords
Don’t compress encrypted data since it opens you up to attacks like CRIME, unless it’s at rest and static data.
If that’s true, what’s to stop someone else from just compressing it themself and opening the same attack vector?
Doesn’t actually matter
Encrypted data compresses much worse than non-encrypted data, so it does matter in terms of size.