* Angel L. Mateo (amateo@um.es) [020626 23:40]: > El jue, 27-06-2002 a las 07:54, nate escribió: > > > > i dont think SSH's compression should affect security either way. > > I use it mostly out of habbit, it can sometimes improve the responsiveness > > of a connection. > > > > I would expect if compression did affect SSH's security it would > > be documented and well known ... > > > Why it hast to be a problem? Finally, you have an encrypted message, so > what is the problem? > > If ssh encrypts first and then compresses, you can uncompress the > message, but then all you've got is an encrypted message. By other side, > if ssh compresses first and then encrypts, you can't even uncompress the > message because you have to decrypt it previously. It doesn't make any sense to encrypt first and then compress. A good cipher will produce non-compressible output: it will look like random data and not have distinguishable patterns in it. Compression is generally used with encryption because it reduces the redundancies in the plaintext, which can make cryptanalysis harder. English text is regarded at somewhere near 1-1.5 bits per letter. Compression can greatly improve this "randomness" by reducing the redundancy. Also, encryption is generally "expensive" CPU-wise, so compressing first reduces the amount of work to be done. good times, Vineet -- http://www.doorstop.net/ -- "Computer Science is no more about computers than astronomy is about telescopes." -E.W. Dijkstra
Attachment:
pgpuO9h5qogZt.pgp
Description: PGP signature