Compress or Encrypt?

The other day a colleague sent me some files in email. He compressed them so they’d be smaller and no software along the way would try to process them. (As a side note, yes, I know email systems use BASE64 to encode binary files, and I know that blows them up in size, but that’s a different discussion). He used the popular open-source 7-Zip tool.

7-Zip also encrypts. To do so (assuming you have 7-zip installed on a Windows PC), right click on a file, select 7-Zip and click “Add to archive…”. That brings up this screen:


7-Zip Add to Archive screen
7-Zip Add to Archive screen

Note the encryption part of the pane in the lower right-hand corner. “AES-256” is the encryption algorithm. It doesn’t tell what mode (e.g. Cipher Block Chaining mode or CBC) is used for the encryption and the mode used can make a difference in how secure the encryption is. We do a dramatic demonstration of this in Learning Tree Course 468, System and Network Security Introduction. That encryption is good for data in transit, that is data being moved for example over the Internet.

Most operating systems have an encryption tool, too, and Microsoft Windows is no exception. A Windows file can be encrypted by right clicking on it and selecting Properties, then clicking on Advanced:

Windows compress or encrypt option.
Windows compress or encrypt option.

Note that the section is labeled “Compress or Encrypt attributes” – you cannot select both. This is not because one could not actually do both, but because of a limitation of the way the NTFS filesystem stores file attributes. 7-Zip and other compression utilities indeed do both. If a tool does both encryption and compression, does the order matter? That is which should be done first? Think about that for a minute, then read the part below.

As we discuss in Learning Tree Course 468, System and Network Security Introduction, it does matter. Since both encryption and compression have the goal of creating a file that looks random (has no patterns) and since compression relies on the existence of patterns to do its work, we have to compress first while the patterns are still there, if we want the file to actually be smaller. We can then encrypt the compressed data. These subtleties matter sometimes, and that’s why learning about them is important.

What other subtleties are important in your security work? Let us know in the comments below.

To your safe computing,
John McDermott

Type to search

Do you mean "" ?

Sorry, no results were found for your query.

Please check your spelling and try your search again.