Open levigross opened 9 years ago
@levigross what purpose does the compression you recommend serve?
Save DB space.
On Mon, May 11, 2015 at 1:52 PM, Dana Spiegel notifications@github.com wrote:
> @levigross what purpose does the compression you recommend serve?
You don't really want to compress encrypted data, you want to first compress, then encrypt.
@apolkosnik No you don't :). Compressing then encrypting leads to attacks like CRIME (https://en.wikipedia.org/wiki/CRIME) and BREACH (https://en.wikipedia.org/wiki/BREACH_(security_exploit))
If you're trying to compress bytes with a large degree of randomness (e.g. ciphertext) then you are wasting your CPU cycles, because the result will have a useless compression ratio.
The field contains more than just the cipher text and it may be nice to compress (zlib) the output of the "Fernet" encryptor.
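
The trade-offs argued in the comments above, measured on a constructed stand-in for a Fernet token; this is an added example, not code from the thread or from django-cryptographic-fields. The helper names are hypothetical, and hash-derived bytes take the place of real ciphertext (no encryption is performed).

```python
import base64
import hashlib
import zlib


def stream(n: int, seed: bytes) -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode), standing in for ciphertext."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]


def fernet_like_raw(plaintext: bytes) -> bytes:
    """Constructed stand-in with Fernet's layout sizes; assumption: body is modelled as random."""
    padded_len = (len(plaintext) // 16 + 1) * 16  # PKCS7 always adds 1..16 bytes
    seed = hashlib.sha256(plaintext).digest()
    # version (1) | timestamp (8) | IV (16) | ciphertext | HMAC (32)
    return b"\x80" + bytes(8) + stream(16 + padded_len + 32, seed)


def fernet_like_token(plaintext: bytes) -> bytes:
    """Base64url text form, which is what ends up in the database column."""
    return base64.urlsafe_b64encode(fernet_like_raw(plaintext))


def storage_sizes(plaintext: bytes) -> dict:
    """Sizes of the raw bytes and the base64 token, before and after zlib."""
    raw = fernet_like_raw(plaintext)
    token = base64.urlsafe_b64encode(raw)
    return {
        "raw_ciphertext": len(raw),
        "zlib_of_raw": len(zlib.compress(raw, 9)),
        "token": len(token),
        "zlib_of_token": len(zlib.compress(token, 9)),
    }


def token_lengths(plaintext: bytes) -> tuple:
    """(encrypt only, compress-then-encrypt) token lengths for one plaintext."""
    return len(fernet_like_token(plaintext)), len(fernet_like_token(zlib.compress(plaintext, 9)))


if __name__ == "__main__":
    print(storage_sizes(b"x" * 2000))
    for label, pt in (("repetitive", b"A" * 512), ("random-looking", stream(512, b"pt"))):
        print(label, token_lengths(pt))
```

The first result shows zlib recovering only part of the base64 overhead and nothing from the random-looking body. The second shows that compressing before encrypting makes the stored length depend on the plaintext's content, which is the property CRIME and BREACH rely on.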