Questions tagged [compression]
The act of compression reduces the size of the file(s) being compressed by encoding information and eliminating statistical redundancy.
81 questions
0
votes
2
answers
151
views
Best practice for Open SSL / TLS compression and CRIME
The general consensus on enabling SSL Compression is "don't" because of the CRIME exploit. However, this exploit seems to have been mitigated in 2012.
I want to know:
Should I still avoid ...
2
votes
1
answer
347
views
Is Error Level Analysis (ELA) in image forensics a reliable indicator for detecting digital modifications?
I'm reading about Error Level Analysis (ELA) in image forensics as a means to detect if modifications were made to a photo. ELA is nicely described here: https://fotoforensics.com/tutorial.php?tt=ela. ...
1
vote
1
answer
186
views
Is an API vulnerable to BREACH if HTTP compression is only enabled for endpoints that are authenticated using bearer tokens?
Let's assume an API returns sensitive information (e.g. medical or financial) to authenticated users only.
In some circumstances responses may include information the user supplied in the request (e.g....
2
votes
4
answers
2k
views
HTTPS compression, CSRF and mobile apps
I have a backend for a mobile application that has to serve large JSON responses from time to time, the transfer would be greatly helped by enabling compression, especially when the user has bad ...
1
vote
2
answers
449
views
How does malware work when compressed?
I have read up on compressed folders of file types such as .zip, .rar and .7zip being the malicious file itself (excluding cases such as an .exe file being disguised as a .zip file etc...), only ...
1
vote
1
answer
347
views
Fuzzy hash of a file
Could someone please explain this to me: When you use a fuzzy hash algorithm (ssdeep, tlsh, sdhash... or any other) to calculate the hash value of a file, does it calculate the hash based on the whole ...
24
votes
2
answers
6k
views
Is compression mandatory with TLS?
I've had a look within the official TLS specification but I cannot see any mention of this. Does TLS allow compression to be disabled? Or is it mandatory?
1
vote
1
answer
173
views
Does filesystem compression aid cryptanalysis?
I use LUKS to encrypt all sensitive data on my computer. If I switch to using a filesystem with on-the-fly data compression such as ZFS, should I use its compression feature together with LUKS? Does ...
0
votes
1
answer
2k
views
Gzip only request body of HTTPS request security BREACH?
I'm not an expert in security.
I heard it's not recommended to enable GZIP compression for HTTPS requests, that would open a security issue (see SO answer: https://stackoverflow.com/a/4063496/17307650 ...
5
votes
0
answers
1k
views
Protection against JPEG compression bombs
There is a well-known threat named compression bombs. Such image formats as PNG and JPEG use compression methods, and therefore, in theory, PNG/JPEG images might be a compression bomb.
I've found an ...
0
votes
1
answer
374
views
Any risk on viewing the content of a RAR file without extracting it?
Let's say I have a RAR file that has a bunch of images inside. Is there any risk of opening the image inside the RAR without extracting the entire file?
8
votes
1
answer
888
views
How sensitive are acoustic side-channels to compression with a narrowband codec?
Assume sensitive audio emissions from a mechanical keyboard. These audio emissions are often sufficient to reconstruct the actual key presses that generated the sound. If the audio is compressed using ...
5
votes
2
answers
3k
views
Compression and Encryption against security issues
I'm having a hard time knowing whether the following setup is vulnerable to CRIME/BREACH type attacks (which target HTTPS).
I am running a Wireguard VPN that tunnels VXLAN protocol, using ChachaPoly20 ...
1
vote
0
answers
483
views
CyberChef Challenge #21 [closed]
The challenge data is:
...
3
votes
3
answers
943
views
Does compression level influence security of encrypted 7z files?
I want to archive some GB of sensitive data. It is to be stored on an external drive that also includes non-sensitive data, so I don't want to encrypt the whole drive. For that purpose I want to use ...