compression – Page 10 – WindowsTechs.com

Encrypted password inside compressed archive

Posted on February 19, 2016 by microwth

File compression utilities like Winrar or ZIP or 7zip encrypt the password and store it inside the archive.

How safe is that? I mean you are giving away the archive with the password inside,it’s not like authenticating again… Continue reading Encrypted password inside compressed archive→

Is gzipping content via TLS allowed?

Posted on October 6, 2015 by Florian Schneider

So I have these few compression directives at http level in nginx:

gzip on;
gzip_http_version 1.1;
gzip_vary on;

I read that this should be avoided because of CRIME/BREACH attack, is this correct?

Continue reading Is gzipping content via TLS allowed?→

Disk level encryption + compression performance?

Posted on April 21, 2015 by watbywbarif

What are pros and cons for using disk level encryption like VeraCrypt and then turning on compression on mounted (virtually decrypted) drive? It seams to me that this can even increase some performance if data is compressed v… Continue reading Disk level encryption + compression performance?→

Does WinRAR leave traces of temporarily extracted files?

Posted on May 12, 2014 by Nean Der Thal

If I have an encrypted RAR file which will only open using a password, and I opened a file directly from within WinRAR by double clicking the file inside WinRAR, I assume that WinRAR will create a temporary version somewhere in the drive (… Continue reading Does WinRAR leave traces of temporarily extracted files?→

With BREACH attack, is session-based CSRF token still secure?

Posted on October 11, 2013 by bitinn

This is something I haven’t been able wrap my head around, if BREACH allow leaking of information, do we have to mask or generate CSRF token in a time-based or per-request fashion to make it more secure?

As far as I know, session-based CS… Continue reading With BREACH attack, is session-based CSRF token still secure?→

How to defeat CRIME, BREACH, TIME etc… server side (without sacrificing compression)

Posted on October 3, 2013 by user31523

I am writing full-stack server side software and I have been researching CRIME attacks and it’s relation to SPDY header compression as I am implementing the server side codecs for it at the moment.

The conclusion seems to be… Continue reading How to defeat CRIME, BREACH, TIME etc… server side (without sacrificing compression)→

Is NTFS file compression vulnerable to a CRIME-like attack when using an encrypted volume?

Posted on January 9, 2013 by Polynomial

I know that content compression can cause SSL to be vulnerable to the CRIME attack, via changes in the content length when injected plaintext matches existing content. Does this principle carry over to NTFS file compression on volumes that… Continue reading Is NTFS file compression vulnerable to a CRIME-like attack when using an encrypted volume?→

Encryption and compression of Data

Posted on September 10, 2012 by Ali Ahmad

If we want both encryption and compression during transmission then what will be the most preferable order.

Encrypt then compress
Compress then encrypt

Continue reading Encryption and compression of Data→