• bioemerl@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    The problem is that when you compress before you encrypt, the file size becomes a source of data about the contents. If an attacker has control of part of the data - say - a query string, they can use that to repeatedly add things to your data and see how the size changes as a result.

    • bastian_5@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      So it sounds like compression before encryption should only be done in specific circumstances because it can be a security issue depending on use case, but encryption before compression should never be done because it will almost always increase the size of the file