Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: Compress the output of the "Fernet" encryptor #3

Open
levigross opened this issue May 11, 2015 · 5 comments
Open

Enhancement: Compress the output of the "Fernet" encryptor #3

levigross opened this issue May 11, 2015 · 5 comments
Labels
question

Comments

@levigross
Copy link

The field contains more than just the cipher text and it may be nice to compress (zlib) the output of the "Fernet" encryptor.
@danaspiegel
Copy link
Member

@levigross what purpose does the compression you recommend serve?

@levigross
Copy link
Author

Save DB space.

On Mon, May 11, 2015 at 1:52 PM, Dana Spiegel [email protected]
wrote:

@levigross https://github.com/levigross what purpose does the
compression you recommend serve?


Reply to this email directly or view it on GitHub
#3 (comment)
.

@apolkosnik
Copy link

You don't really want to compress encrypted data, you want to first compress, then encrypt.

@levigross
Copy link
Author

@apolkosnik No you don't :). Compressing than encrypting leads to attacks like CRIME (https://en.wikipedia.org/wiki/CRIME) and BREACH (https://en.wikipedia.org/wiki/BREACH_(security_exploit))

@apolkosnik
Copy link

If you're trying to compress bytes with large degree of randomness (e.g. ciphertext) then you are wasting your CPU cycles, because the result will have useless compression ratio.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danaspiegel @levigross @apolkosnik