2017-07-14T07:13:00Z

If you had to both encrypt and compress data during transmission, which would you do first and why?

it_user703014 - PeerSpot reviewer
  • 20
  • 1396
PeerSpot user
21

21 Answers

it_user570081 - PeerSpot reviewer
Real User
2017-07-20T06:45:02Z
Jul 20, 2017

First compress and then encrypt.

Search for a product comparison in Application Security Tools
it_user161343 - PeerSpot reviewer
Consultant
2017-07-18T19:36:01Z
Jul 18, 2017

This question regarding encrypt and compress data, in which order was a good exercise. Other decision factors that you have to include in the decision process are, what are the business requirements, regulatory requirements, compliance requirements, cyber insurance requirements and the most important requirements are where is the data being stored and who will have access to it. Digital certificates, de-crypt keys and tokens have to be managed in a highly controlled environment. OneSignOn experienced a security breach in March 2017 that got to the de-crypt keys. Most likely an inside job. Here is the link to the news article.

https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/

it_user633780 - PeerSpot reviewer
User
2017-07-19T15:39:56Z
Jul 19, 2017

Compressing data assumes there is a “restoring” at the receiver’s end. Think zip/unzip a file.

If one first compresses then encrypts the file, it would not be able to be restored at the other end.

To me it makes more sense to first encrypt then compress.

Cat Moishanu

it_user248793 - PeerSpot reviewer
Consultant
2017-07-18T23:19:08Z
Jul 18, 2017

Encrypt first, then compress.

it_user144510 - PeerSpot reviewer
Consultant
2017-07-18T18:36:58Z
Jul 18, 2017

If original is plain text. I would compress and next encrypt. If original is binary. In which case compression might not reduce size much. Perhaps an extra conversion to Base64 could be added first, next compress and finally encrypt. In this case compression needs to reduce the size to (way) lower than 75 % to compensate for the expansion of the Base64 step, otherwise I wouldn't compress at all. There is a minimum size under which compression isn't feasible at all I guess.

it_user374928 - PeerSpot reviewer
Real User
2017-07-18T18:15:26Z
Jul 18, 2017

First, you need to compress the data, and then to encrypt it.
Encryption of data converts the sequence into a unique set of characters, in some cases close to random distribution. Compression the unique set may not give the proper effect and the volume of transmitted data using most of the known algorithms will only be increased. The encryption, after data compression, will reduce the transmitted set.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: March 2024.
765,234 professionals have used our research since 2012.
it_user519831 - PeerSpot reviewer
Vendor
2017-07-18T17:40:21Z
Jul 18, 2017

I would consider the requirements against this data transmission like:
- How data is produced and feeds this process?
- How fast and seamless transition is required?
- What is the maximum acceptable error rate?
- Size, type, structure and number of files in a package?
- Also how data will be used on the other side? E.g. if it is stored in encrypted but uncompressed format I would consider encrypt first despite the above comments.

I would also consider preferences, constraints and bottlenecks (like compressibility of files, amount of data, bandwidth, how secure connection we have, storage capacity, calculation capacity etc.) This could result surprising decisions sometimes like leaving compression out , changing the files' content or structure if possible (e.g. not including some resources in the pdf), etc.

After all the considerations if there are still more options I would plan and execute tests on these possible solutions. The results of the tests would be the base of my final decision.

it_user656115 - PeerSpot reviewer
Real User
2017-07-18T17:27:04Z
Jul 18, 2017

Compress and then encrypt.

RJ
Real User
2017-07-18T15:57:33Z
Jul 18, 2017

With regard to your question regarding compression and encryption, my response is included below:

"Compression followed by encryption is a practical approach for secure data transmission. Most modern block ciphers/encryption processes will reduce the data to a pseudo-random sequence of bytes that will typically yield little, if any, compression gain at all. Thus if data in encrypted first, compression is ineffective. In addition, the reduced amount of data resulting from compression decreases the computational demand of the subsequent encryption process. On the receiving end, decryption is followed by decompression."

If you have any question, feel free to reach out to me.

Best regards,

Robert

it_user617598 - PeerSpot reviewer
Vendor
2017-07-18T14:24:43Z
Jul 18, 2017

Hi,

There is no difference in the security provided, but because of the way compression algorithms work, it is advisable to compress first then encrypt.
Compression algorithms exploit statistical redundancies in the data. These would normally be eliminated when you encrypt it, therefore an encrypted message won’t be compressed that well.

it_user682293 - PeerSpot reviewer
Vendor
2017-07-18T14:00:04Z
Jul 18, 2017

Compress then encrypt, basically compression reduces the size by removing redundancy and this in turn reduces some vector which can be used for attacks such as frequency analysis and brute force

it_user161343 - PeerSpot reviewer
Consultant
2017-07-18T13:34:24Z
Jul 18, 2017

Compress before you encrypt in most cases. In some cases compression can serve as a form of encryption such as VoIP.

it_user705015 - PeerSpot reviewer
Vendor
2017-07-18T13:31:26Z
Jul 18, 2017

My suggestion is to review any solution related to Format Preserving Encryption in order to encrypt and avoid big amounts of data. After this, compression would be optional for you. Check this link: https://en.wikipedia.org/wiki/Format-preserving_encryption

it_user432561 - PeerSpot reviewer
User
2017-07-18T13:11:11Z
Jul 18, 2017

I learned that if you encrypt first you will only have random data, which will limit any potential benefit from compression.

So I would say that compress before encrypt

it_user385950 - PeerSpot reviewer
Vendor
2017-07-18T13:00:20Z
Jul 18, 2017

Compress then encrypt

Real User
2017-07-18T12:53:46Z
Jul 18, 2017

Hi,
Compression is based on the frequency of patterns in your data. If you encrypt first most of the patterns will be lost and the compression afterwards will not be efficient. Ex: take a text file, encrypt it then compress it, you will get a lower compression ration than if you compress then encrypt.
Same applies to video and other types of binary data.

it_user572121 - PeerSpot reviewer
Consultant
2017-07-18T12:51:37Z
Jul 18, 2017

Typically, compression is done as the first step, in order to reduce the size of the data and to reduce the patterns and repetitions that original data could have, leading to a stronger encryption due to reducing some attacks (known plaint text and others). As noted, original data could be compressed better than encrypted one, so the logical steps that perform better are compress and encrypt.

it_user687423 - PeerSpot reviewer
Vendor
2017-07-18T12:51:29Z
Jul 18, 2017

Hello,

You should compress first. If you encrypt first, the file will be incompressible because the compressor won’t know what to look for in the data stream. See this article:

https://security.stackexchange.com/questions/19969/encryption-and-compression-of-data

Chris Konicki
IT Security Engineer

it_user228813 - PeerSpot reviewer
Real User
2017-07-18T12:49:05Z
Jul 18, 2017

I would say you first compress the data, as to reduce the number of bytes that need to be encrypted. Given the fact that encryption is a processor intensive activity...

it_user494973 - PeerSpot reviewer
Real User
2017-07-18T12:49:03Z
Jul 18, 2017

My answer would be Compress first because If you encrypt then your data turns into (essentially) a stream of random bits. Random bits are incompressible because compression looks for patterns in the data and a random stream, by definition, has no patterns. Therefore, i believe to compress first.

Thanks,

SHANTHAMURTHY HANUMANTHARAYAPPA - PeerSpot reviewer
Real User
2017-07-18T12:41:10Z
Jul 18, 2017

My answer would be encrypt first as to protect information in the transit. Compress before encryption or after encryption is same as all depends on the data size.

Application Security Tools
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.
Download Application Security Tools ReportRead more

Related Q&As

Application Security Tools experts

Adrian Cambronero - PeerSpot reviewer
Diana Alvarado - PeerSpot reviewer
Jonathan Ramos G. - PeerSpot reviewer
Prateek Agarwal - PeerSpot reviewer
Nagendra Nekkala - PeerSpot reviewer
Hugo Alexis Espinoza Naranjo - PeerSpot reviewer
Edwin Solano Salmeron - PeerSpot reviewer
Nadeem Syed - PeerSpot reviewer