Skip to content

Do you compress then encrypt, or encrypt then compress?

Short answer

Compress first, then encrypt. Good encryption produces output that is statistically indistinguishable from random, so ciphertext has no patterns left to compress — compressing afterward is pointless. The important caveat: compressing secret and attacker-controlled data together before encryption can leak information through ciphertext length, which is exactly the CRIME and BREACH attacks.

The reflex answer "compress then encrypt" is correct — but the interviewer is really probing whether you know why, and whether you know the dangerous exception. Saying the right words for the wrong reasons is what this question exposes.

The size reasoning

Compression works by finding and removing redundancy and patterns. A well-designed cipher is specifically engineered so its output looks like uniform random noise — there is essentially no redundancy left to exploit. So if you encrypt first, the ciphertext is incompressible and you have thrown away your one chance to shrink the data. Compress first, while the structure still exists, then encrypt the smaller result. The distractors that claim "no difference" or "encrypt repairs randomness" get this backwards.

The dangerous exception

Order is not a free win. The CRIME and BREACH attacks show that when you compress a mix of secret data and attacker-influenced data, then encrypt it, the resulting ciphertext length leaks information. If the attacker's guess overlaps the secret, compression shrinks the output, and the observable size confirms the guess one byte at a time. That is why TLS-level compression was effectively killed (CRIME) and why HTTP response compression of secret-bearing pages is risky (BREACH).

The practical rule

Compress before encrypting for size — but never compress attacker-controlled and secret data together in the same encrypted unit. When in doubt for security-sensitive responses, disable compression.

What interviewers look for

The correct order with the entropy justification, and unprompted mention of CRIME/BREACH as the catch. That combination signals real understanding, not a memorised slogan.

Likely follow-ups

  • Why does properly encrypted data fail to compress?
  • How do CRIME and BREACH exploit compress-then-encrypt?
  • When would you choose to disable compression entirely?

Sources

Certifications

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.