List: cryptography
Subject: Re: [Cryptography] [FORGED] Re: Crypto best practices
From: Ray Dillinger <bear () sonic ! net>
Date: 2017-03-21 22:54:30
Message-ID: 35c3ef7f-fc81-54bb-c1cf-237b8fab9b29 () sonic ! net
On 03/21/2017 06:57 AM, Patrick Chkoreff wrote:
> I am eminently unqualified to invent new crypto protocols, but I'm going
> to propose an idea anyway. If it is shot down, I am eager to see how
> and why it goes down in flames.
>
> 1. Generate an unpredictable IV.
>
> 2. Encrypt the IV with AES-ECB and send that as the first block.
>
> 3. For each block of data, XOR it with the IV and encrypt that result
> with AES-ECB.
>
> If you happen to reuse an IV between two encryption sessions, you
> subject yourself to the weakness of ECB just for those two sessions.
> The presence of any identical encrypted blocks in two distinct sessions
> would indicate with high probability that an IV had been reused.
It's a reasonable try, but no... As described you have the weakness
of ECB within each message. For any IV and plaintext P,
Encrypt(P XOR IV) = Encrypt(P XOR IV). So unless IV changes between
blocks, identical plaintext blocks produce identical ciphertexts.
If you use a reversible function F(IV,N) where N is the block number,
you could have Encrypt(F(IV,N) XOR P) and it would work reasonably well.
This is the basis of counter mode, where F is +N and F' is -N.
Bear
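To make the point above concrete, here is an added example (not code from either poster): the proposed scheme and the per-block F(IV,N) = IV + N variant side by side, run over a message made of identical blocks. The block cipher is an assumed stand-in (a small HMAC-based Feistel permutation, not AES); any deterministic block cipher shows the same behaviour.

```python
import hmac
import hashlib
import os

BLOCK = 16

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in 128-bit block cipher (assumption for this example, not AES): a
    # 4-round Feistel network with HMAC-SHA256 rounds. Like AES-ECB it is a
    # deterministic permutation: same key and input always give same output.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_blocks(plaintext: bytes) -> list:
    assert len(plaintext) % BLOCK == 0, "padding is out of scope here"
    return [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]

def proposed_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    # Patrick's scheme: E(IV) first, then E(P_i XOR IV) for every block. The
    # mask never changes, so identical plaintext blocks collide in the output.
    return [block_encrypt(key, iv)] + [block_encrypt(key, xor(p, iv)) for p in split_blocks(plaintext)]

def counter_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    # Bear's fix: mask block N with F(IV, N) = IV + N (mod 2^128) instead of a
    # fixed IV. (Genuine CTR mode encrypts the counter and XORs that keystream
    # into P; this variant keeps the E(F(IV,N) XOR P) shape from the reply.)
    out = [block_encrypt(key, iv)]
    for n, p in enumerate(split_blocks(plaintext), start=1):
        mask = ((int.from_bytes(iv, "big") + n) % (1 << 128)).to_bytes(BLOCK, "big")
        out.append(block_encrypt(key, xor(p, mask)))
    return out

def repeated_blocks(ciphertext: list) -> int:
    # Duplicate ciphertext blocks after the IV block: what a passive observer sees.
    body = ciphertext[1:]
    return len(body) - len(set(body))

def demo() -> tuple:
    key, iv = os.urandom(16), os.urandom(16)
    msg = b"A" * (4 * BLOCK)  # constructed: four identical plaintext blocks
    return (repeated_blocks(proposed_encrypt(key, iv, msg)),
            repeated_blocks(counter_encrypt(key, iv, msg)))
```

demo() returns (3, 0): the fixed-IV scheme leaks that all four blocks are equal, the per-block mask does not.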