Do you compress then encrypt, or encrypt then compress?
Short answer
Compress first, then encrypt. Good encryption produces output that is statistically indistinguishable from random, so ciphertext has no patterns left to compress — compressing afterward is pointless. The important caveat: compressing secret and attacker-controlled data together before encryption can leak information through ciphertext length, which is exactly the CRIME and BREACH attacks.
The reflex answer "compress then encrypt" is correct — but the interviewer is really probing whether you know why, and whether you know the dangerous exception. Saying the right words for the wrong reasons is what this question exposes.
The size reasoning
Compression works by finding and removing redundancy and patterns. A well-designed cipher is specifically engineered so its output looks like uniform random noise — there is essentially no redundancy left to exploit. So if you encrypt first, the ciphertext is incompressible and you have thrown away your one chance to shrink the data. Compress first, while the structure still exists, then encrypt the smaller result. The distractors that claim "no difference" or "encrypt repairs randomness" get this backwards.
The dangerous exception
Order is not a free win. The CRIME and BREACH attacks show that when you compress a mix of secret data and attacker-influenced data, then encrypt it, the resulting ciphertext length leaks information. If the attacker's guess overlaps the secret, compression shrinks the output, and the observable size confirms the guess one byte at a time. That is why TLS-level compression was effectively killed (CRIME) and why HTTP response compression of secret-bearing pages is risky (BREACH).
The practical rule
Compress before encrypting for size — but never compress attacker-controlled and secret data together in the same encrypted unit. When in doubt for security-sensitive responses, disable compression.
What interviewers look for
The correct order with the entropy justification, and unprompted mention of CRIME/BREACH as the catch. That combination signals real understanding, not a memorised slogan.
Likely follow-ups
- Why does properly encrypted data fail to compress?
- How do CRIME and BREACH exploit compress-then-encrypt?
- When would you choose to disable compression entirely?