[Cryptography] Question re: Initialization Vector for AES Counter Mode…
John Denker
jsd at av8n.com
Wed Apr 26 23:23:08 EDT 2017
On 04/26/2017 03:28 PM, Jon Callas wrote:
> Personally, I would recommend that you *not* use counter mode or
> anything resembling it for writing files.
I agree with that 100%.
A cipher "mode" is a kludge that kinda maybe sorta allows people
to survive in situations where they can't (or won't) re-key ...
but you should always ask yourself, why not just re-key? If
your cipher cannot be efficiently or securely re-keyed, maybe
you need a better cipher.
Constructive suggestion: Use something like ChaCha20, which
is designed to do a good job with file encryption (and a lot
of other things). It has an enormous keyspace, and can be
re-keyed efficiently. Construct the key from at least:
-- The master key.
-- The block number.
-- A sequence number, depending on how many times the
block has been rewritten. (This allows random access,
as well as rewriting the whole file from the beginning.)
> Counter mode creates a stream cipher.
Right.
> it's like leaving a rake in the yard with the tines up.
Good analogy.
More information about the cryptography
mailing list