Nén trước rồi mã hóa hay mã hóa trước rồi nén?

[xluffy]

Neither:

• Encrypting first and then compressing does not work.
• Compressing first can leak information about plaintext content through the ciphertext length, as poncho mentioned in comments to another answer.

Specifically, compression allows an attacker who can control parts of the message that is encrypted to reveal things about the other, secret parts, like cookies in the case of web traffic. It is most dangerous in a live protocol like TLS. Some forms of compression (e.g. truly constant bitrate lossy video/audio compression) may be immune to such attacks (but even then there might be side channel attacks due to the compression).

In most cases you should just encrypt the uncompressed data and be done with it.

Data storage and transmission is usually cheap enough. If you cannot live without compression, you must do it first, but then you have to really know what you are doing and likely accept at least some loss of security.

• https://crypto.stackexchange.com/questions/33737/is-it-better-to-encrypt-before-compression-or-vice-versa#:~:text=Compress%20and%20then%20encrypt%20is,decrypting%20and%20transmiting%20the%20file.
• https://security.stackexchange.com/questions/19969/encryption-and-compression-of-data/20231#20231

[tinnguyenwork]

What if you want to encrypt a folder? Zip without compression and then encrypt the archive https://superuser.com/questions/411394/zip-files-without-compression

More TIL: https://www.passwordstore.org/ is a password manager using gpg under the hood