> this is not true. good encryption normally means that decrypting the
> message _with_ the key is much much (read many orders of magnitude)
> easier than decrypting it without. removing redundancy from a message
> helps remove patterns, _but_ it doesn't necessarily make it more
> secure. gzip removes redundancy from messages, but that doesn't mean
> that gzipping a file will make it more secure.

Also, compressors add known structure and redundancy to messages.
Consider not only a "gzip header", but also compression dictionaries,
indices and suchlike. There are steganographic programs out there
that exploit this redundancy (sort of) to encode bits of information --
and decompressors often know how to "complain" when they hit invalid
codewords.

Nevertheless, in the greater context, compression before encryption is
almost always better than no compression. I say "almost" because if you
are mounting some attacks--say, a chosen plaintext attack--then
compression isn't anything more than a trivial extra layer to work
with: it comes down to your threat model.

mg.
-- Matthew Gream <m.gream@nospam.uts.edu.au> (work: matthewg@nospam.jtec.com.au)
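
An added illustration of the reply's point about known structure, not part of the original message: gzip streams of unrelated inputs share a fixed leading header, and the decompressor rejects a candidate plaintext produced with the wrong key. The helper names, the sample messages and the toy XOR "cipher" are assumptions made for this sketch; the XOR routine only models a right versus wrong key and is not a secure cipher.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=deflate (RFC 1952)

def common_prefix(blobs):
    """Longest byte prefix shared by every blob (min/max bound the set)."""
    first, last = min(blobs), max(blobs)
    n = 0
    while n < len(first) and first[n] == last[n]:
        n += 1
    return first[:n]

def decompresses_cleanly(blob):
    """True if blob parses as a complete gzip stream (header, codewords, CRC)."""
    try:
        gzip.decompress(blob)
        return True
    except (OSError, EOFError, zlib.error):
        # Bad magic, invalid codeword, CRC/length mismatch, or truncation.
        return False

def xor_bytes(data, key):
    """Toy XOR 'cipher' (hypothetical, NOT secure): models right vs. wrong key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Constructed sample messages with nothing in common.
SAMPLES = [b"attack at dawn", b"the quick brown fox " * 20, bytes(range(256))]

def demo():
    # mtime=0 keeps the header timestamp fixed so the run is reproducible.
    streams = [gzip.compress(m, mtime=0) for m in SAMPLES]
    prefix = common_prefix(streams)
    ciphertext = xor_bytes(streams[0], b"right-key")
    good = decompresses_cleanly(xor_bytes(ciphertext, b"right-key"))
    bad = decompresses_cleanly(xor_bytes(ciphertext, b"wrong-key"))
    return prefix, good, bad

if __name__ == "__main__":
    prefix, good, bad = demo()
    print("bytes shared by every compressed message:", prefix.hex())
    print("right key yields a valid gzip stream:", good)
    print("wrong key yields a valid gzip stream:", bad)
```

The shared prefix is plaintext that is known before any message is read, and the clean-decompression check is the "complaint" the reply mentions.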