Questions tagged [compression]
The act of compression reduces the size of the file(s) being compressed by encoding information and eliminating statistical redundancy.
81 questions
0 votes, 2 answers, 165 views
Best practice for Open SSL / TLS compression and CRIME
The general consensus on enabling SSL Compression is "don't" because of the CRIME exploit. However, this exploit seems to have been mitigated in 2012.
I want to know:
Should I still avoid ...
1 vote, 1 answer, 191 views
Is an API vulnerable to BREACH if HTTP compression is only enabled for endpoints that are authenticated using bearer tokens?
Let's assume an API returns sensitive information (e.g. medical or financial) to authenticated users only.
In some circumstances responses may include information the user supplied in the request (e.g....
1 vote, 2 answers, 454 views
How does malware work when compressed?
I have read up on compressed folders of file types such as .zip, .rar and .7zip being the malicious file itself (excluding cases such as an .exe file being disguised as a .zip file etc...), only ...
24 votes, 2 answers, 6k views
Is compression mandatory with TLS?
I've had a look within the official TLS specification but I cannot see any mention of this. Does TLS allow compression to be disabled? Or is it mandatory?
0 votes, 1 answer, 3k views
Gzip only request body of HTTPS request security BREACH?
I'm not an expert of security.
I heard it's not recommended to enable GZIP compression for HTTPS requests, that would open a security issue (see SO answer: https://stackoverflow.com/a/4063496/17307650 ...
0 votes, 1 answer, 374 views
Any risk on viewing the content of a RAR file without extracting it?
Let's say I have a rar file that has a bunch of images inside. Is there any risk of opening the image inside the rar without extracting the entire file?
5 votes, 2 answers, 3k views
Compression and Encryption against security issues
I'm having a hard time knowing whether the following setup is vulnerable to CRIME/BREACH type attacks (which target HTTPS).
I am running a Wireguard VPN that tunnels VXLAN protocol, using ChachaPoly20 ...
3 votes, 3 answers, 946 views
Does compression level influence security of encrypted 7z files?
I want to archive some GB of sensitive data. It is to be stored on an external drive that also includes non sensitive data so I don't want to encrypt the whole drive. For that purpose I want to use ...
5 votes, 3 answers, 2k views
Does TLS 1.3 mitigate the BREACH vulnerability?
Section 5.4 of the TLS 1.3 specification describes record padding.
One of the mitigations for BREACH is to add random padding.
Therefore, I'm wondering:
Does TLS 1.3 require random record padding? I'...
3 votes, 1 answer, 1k views
What steganographic techniques can I use in images that survive lossy compression?
Learning a bit about IT security, a segment of the material was the basics of steganography - specifically, hiding information in the lowest significance bits of images, and converting images into ...
1 vote, 1 answer, 2k views
Lost RAR password, is there any way to access my data? [closed]
I lost my WinRAR password of my file. I need to access it. Is it possible? If yes, how?
8 votes, 1 answer, 4k views
How to protect websites against ZIP bombs and reference bombs?
A Zip bomb (concept here) seems quite a "smart" and easy vulnerability to websites where uploading ZIP files is allowed. Such sites are under a threat (at least to make some degree of damage to them) -...
0 votes, 1 answer, 800 views
Which HTTP Compression should I use (and how?)
I know that there are multiple HTTP Compression tools out there.
In order to entirely prevent a site from being susceptible to BREACH, which HTTP Compression algorithm should I use?
Also, how ...
-5 votes, 3 answers, 3k views
Which encryption algorithm allows for less output data than source data? [duplicate]
I am trying to figure out how to get my source information to compile smaller using encrypted text. This could potentially change the game in transferring large-chunked data and offer security at the ...
0 votes, 2 answers, 692 views
Best way to encrypt user data stored in xml?
First of all I am not very familiar with the world of encryption so please be nice.
I have got a data that should store in an xml using NetDataContractSerializer. This xml file gets the size of from ...
15 votes, 1 answer, 1k views
JPEG artifacts leaking information about redacted contents
It was mentioned that JPEG should not be used between image creation and redaction of sensitive contents, because compression artifacts around the redacted area may leak information. Given how this ...
2 votes, 1 answer, 122 views
Application control of HTTP content compression [closed]
How does an application control whether or not its http content is compressed? I am not talking about TLS level compression, but rather about the compression of https:// response bodies only.
In ...
0 votes, 0 answers, 105 views
Detectability of packing files in Windows 10
I follow the tutorial here: https://www.youtube.com/watch?v=g0RmclTe7Lo
to pack calc.exe in windows 10 at
C:\Windows\System32\calc.exe
But I get the following error:
What's the problem?
It seems ...
18 votes, 8 answers, 17k views
Are 7-Zip password-protected split archives safe against hackers when they are password-protected a couple of times?
Imagine I wish to upload my sensitive personal information (photos, document scans, list of passwords, email backups, credit card information, etc.) on Google Drive (or any other cloud service).
I ...
11 votes, 1 answer, 3k views
Brotli compression for HTTPS
It appears that Chrome, Firefox, and soon Edge, support the new Brotli compression algorithm over HTTPS only.
I can't find anything on whether this new compression algorithm is susceptible to the ...
0 votes, 2 answers, 485 views
What are the implications of reversing hashes
Today it was posited to me that
sha256 has a domain large enough to never encounter a collision and
that because it is such a large domain and given that a reverse function was created for it, that ...
1 vote, 4 answers, 560 views
Why browsers don't support TLS without encryption and deprecate compression for public data
These days we observe a trend to use HTTP over TLS (HTTPS) for all communication. All weighty Internet service vendors recommend it and claim it to be good practice. But the TLS suite has 3 options for ...
1 vote, 0 answers, 298 views
The RAR archive format and authenticity verification [closed]
The changelog for RAR 5 mentions the following:
Features removed:
authenticity verification feature did not provide the required level of reliability and was removed;
...
I didn't find any ...
0 votes, 1 answer, 3k views
Base64 or HEX encoded? [closed]
I have this string encoded and compressed (link to full string)
...
8 votes, 3 answers, 4k views
Encrypted password inside compressed archive
File compression utilities like WinRAR or ZIP or 7zip encrypt the password and store it inside the archive.
How safe is that? I mean you are giving away the archive with the password inside, it's not ...