IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [compression]

the act of compression reduces the size of the file(s) being compressed by encoding information and eliminating statistical redundancy.

Compression reduces the size of the file(s) being compressed by encoding information and eliminating statistical redundancy.

Related reading

75 questions
3
votes
1 answer

Can Exchange/OWA still compress static images and be immune to HTTP compression attacks?

Microsoft Exchange / OWA (Outlook Web Access) allows for three different types of compression (link for Ex2010) Compression setting Description High Compresses both static and dynamic pages. Low Compresses only…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
3
votes
1 answer

What steganographic techniques can I use in images that survive lossy compression?

Learning a bit about IT security, a segment of the material was the basics of steganography - specifically, hiding information in the lowest significance bits of images, and converting images into sounds. For the first it occurred to me that many…
sisisisi
  • 173
  • 1
  • 5
3
votes
1 answer

Detect a server supporting SPDY?

With my current interest in the CRIME attack, I am currently trying to check if there actually exits a way to "fingerprint" a server that supports SPDY? My research lead me to believe only that the response header "X-Firefox-SPDY" can help. Is there…
Metahuman
  • 493
  • 1
  • 5
  • 12
3
votes
1 answer

How does CRIME work against cookies

Wiki on CRIME: CRIME <...> is a security exploit against secret web cookies RFC 2616 on Content-Encoding: The Content-Encoding entity-header <...> when present, its value indicates what <...> codings have been applied to the entity-body, and thus…
eddyP23
  • 239
  • 2
  • 11
3
votes
2 answers

SSL/TLS compression attacks on mail servers (smtp)

Currently, we know few compression attacks on the SSL/TLS protocol (such as Crime or Breach). I wonder for few days if these attacks are practicable on a mail server (smtp). Is CRIME attack practicable on a mail server ?
Arthur
  • 33
  • 2
3
votes
1 answer

.NET extraction and storage of compression files concerns

I have been provided a specification for an enhancement to one of my companies software products to allow extraction of uploaded compression files (just Zip currently) that will save and migrate the inner files into the customers Records Management…
Cyassin
  • 503
  • 2
  • 6
  • 12
3
votes
3 answers

is g-zipping assets a security concern?

I recently noticed that the assets sent to clients aren't gzipped or minified on either my companies intranet or its public facing website. I brought this to the attention of the networking department (who maintain the server) and asked if they…
Luke
  • 187
  • 5
3
votes
1 answer

Security risks of symmetric encryption with compression for database data

I would like to compress data before encrypting and storing it in a MySQL database to reduce especially bandwith requirements. In the future, the DB may be accessible via a web interface. Various comments on the insecurity of compression plaintext…
azren
  • 141
  • 2
2
votes
3 answers

Disk level encryption + compression performance?

What are pros and cons for using disk level encryption like VeraCrypt and then turning on compression on mounted (virtually decrypted) drive? It seams to me that this can even increase some performance if data is compressed very good as it will…
watbywbarif
  • 121
  • 4
2
votes
2 answers

Determine if compressed or encrypted

I have a bunch of network data and I would like to determine if it is either 1) encrypted or 2) compressed. I doubt it is both, but the potential exists. If I am assuming that the traditional compression headers are stripped (preventing me from…
zz3star90
  • 21
  • 1
2
votes
2 answers

How can I encrypt compressed data safely?

As mentioned in this particular answer, compressing data before encryption may lead to the CRIME attack, especially if the hacker has collected many similar versions of the transmitted data. Let's use the following example for this particular…
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75
2
votes
1 answer

can you update a one-time pad, over one-time pad encryption (compressed)?

This might well be a silly question, but at the moment I've not thought of a reason it doesn't work. As I think is generally known, you should never re-use a one-time pad. But compression allows you to transmit something larger than the number of…
pacifist
  • 794
  • 3
  • 8
2
votes
1 answer

Does storing your files as single compressed archives compromise integrity?

Compressing your files as tar.gz or zip for storage or backup saves space and is faster than handling thousands of files. But it looks like small corruptions in the archive, for example because of damaged media, may make irretrievable many more…
Strapakowsky
  • 3,039
  • 8
  • 26
  • 31
2
votes
0 answers

Protection against JPEG compression bombs

There is a well-known threat named compression bombs. Such image formats as PNG and JPEG use compression methods, and therefore and in theory PNG/JPEG images might be a compression-bomb. I've found an example of PNG, and many mitigations guidelines…
salazar324
  • 33
  • 4
2
votes
1 answer

What method to compress English by hand has the highest compression ratio?

Solitaire is a method for encrypting messages by hand. Reading it though, the only advantage the Solitaire has over a one time pad is that it can encrypt longer messages. It requires a new, random key for each message, just like OTP. In fact,…
PyRulez
  • 2,937
  • 4
  • 15
  • 29
1 2
3
4 5