I was not referring to post-encryption compression in the context of SSL or other, proven, known-sane encryption algorithms. I probably should have made this point *much* clearer to avoid confusion. I posed the scenario to would-be cryptographers who [99.99999% of the time] wrongly believe they've created the "next great encryption algorithm".
In any case, the Apache processing chain applies SSL as the last stage anyway, so compressing *after* encryption, under normal Apache request processing, won't happen without someone [who knows *exactly* what they're doing] forcing the issue. Best~ -dsp -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Rescorla Sent: Wednesday, August 20, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: Re: configuration question Cliff Woolley <[EMAIL PROTECTED]> writes: > On Tue, 19 Aug 2003, Eric Rescorla wrote: > > > "Dave Paris" <[EMAIL PROTECTED]> writes: > > > In addition to Owen's salient points about compression working efficiently > > > on repetitive strings in plaintext/binary data (e.g. whitespace in a Word > > > document) and not on random data (e.g. encrypted data), some encryption > > > algorithms can actually be weakened by compressing the resulting data, > > > giving a cryptanalyzer clues to the inner workings of the algorithm. > > > > No reasonable encryption algorithm will be weakened this way. > > I agree. I'm guessing what he meant is that some encryption algorithms > are weakened if their /input/ is pre-compressed by some known algorithm. > If the cleartext is in some known format, it might possibly be easier to > recover it from the ciphertext. True. But no modern algorithm is susceptible to this kind of known plaintext attack either. Moreover, SSL incorporates all sorts of opportunities for known plaintext. I wouldn't worry about this one. -Ekr ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
