> this is not true. good encryption normally means that decrypting the
> message _with_ the key is much much (read many orders of magnitude)
> easier than decrypting it without. removing redundancy from a message
> helps remove patterns, _but_ it doesn't necessarily make it more
> secure. gzip removes redundancy from messages, but that doesn't mean
> that gzipping a file will make it more secure.
Also, compressors add known structure and redundancy to messages.
Consider not only a "gzip header", but also compression dictionaries,
indices and suchlike. There are steganographic programs out there
that exploit this redundancy (sort of) to encode bits of information --
and decompressors often know how to "complain" when they hit invalid
Nevertheless, in the greater context, compression before encryption is
almost always better than no compression. I say "almost" because if you
are mounting some attacks--say, a chosen plaintext attack--then
compression isn't anything more than a trivial extra layer to work
with: it comes down to your threat model.
-- Matthew Gream <firstname.lastname@example.org> (work: email@example.com)
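
The known structure the reply refers to, shown for gzip as an added example that is not part of the original post: it parses the fixed RFC 1952 header and trailer fields, shows which output bytes are predictable, and shows the decompressor rejecting damaged input. The function names and the sample messages are constructed for illustration.

```python
import gzip
import struct
import zlib

def gzip_fixed_fields(blob: bytes) -> dict:
    """Parse the fixed 10-byte header and 8-byte trailer of a one-member gzip stream."""
    magic, cm, flg, mtime, xfl, os_id = struct.unpack("<2sBBIBB", blob[:10])
    crc32, isize = struct.unpack("<II", blob[-8:])
    return {"magic": magic, "cm": cm, "flg": flg, "mtime": mtime,
            "xfl": xfl, "os": os_id, "crc32": crc32, "isize": isize}

def known_bytes(plaintext: bytes) -> tuple:
    """Output bytes that are fixed by the format or derivable from the plaintext alone."""
    header_prefix = b"\x1f\x8b\x08"  # magic number plus CM=8 (deflate), same for every stream
    trailer = struct.pack("<II", zlib.crc32(plaintext), len(plaintext) & 0xFFFFFFFF)
    return header_prefix, trailer

def rejects_corruption(blob: bytes, index: int) -> bool:
    """Flip one bit at `index` and report whether the decompressor complains."""
    damaged = bytearray(blob)
    damaged[index] ^= 0x01
    try:
        gzip.decompress(bytes(damaged))
    except (OSError, EOFError, zlib.error):  # BadGzipFile is a subclass of OSError
        return True
    return False

if __name__ == "__main__":
    # Constructed sample messages: unrelated content, identical framing.
    for msg in (b"attack at dawn " * 8, b"quarterly figures attached " * 8, b"hi"):
        blob = gzip.compress(msg, mtime=0)
        fields = gzip_fixed_fields(blob)
        prefix, trailer = known_bytes(msg)
        print(f"{len(msg):4d} -> {len(blob):4d} bytes  "
              f"header={blob[:10].hex()}  isize={fields['isize']}  "
              f"prefix_known={blob[:3] == prefix}  trailer_known={blob[-8:] == trailer}")
    blob = gzip.compress(b"attack at dawn " * 8, mtime=0)
    print("damaged magic rejected:", rejects_corruption(blob, 0))
    print("damaged CRC rejected:  ", rejects_corruption(blob, len(blob) - 8))
```

The two-byte message grows after compression, because the 18 bytes of framing are added regardless of content.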