Hi, On 2018-04-02 10:25:04 -0400, Robert Haas wrote: > In general, I'd expect compressing data to be beneficial for the > security of encryption because it should increase the entropy of the > encrypted bytes, but obviously it's not hard to hypothesize cases > where the opposite is true for one reason or another.
I don't think it's actually ever a really positive thing for security to compress before encrypting, and encrypting after should always be useless. The problem is that that opens one hell of a sidechannel attack, because you're suddenly leaking information about the compressability of the transferred data. If there's any way attackers have knowledge, or worse influence, of any of the transported data that allows to make inferrerences about the content and potentially the key. Whereas there should never be a observable difference in the encrypted stream, if you use a sane cipher mode (i.e. NOT ECB). Greetings, Andres Freund
