[Cryptography] [FORGED] Re: Crypto best practices

Patrick Chkoreff patrick at rayservers.net
Tue Mar 21 09:57:20 EDT 2017


Peter Gutmann wrote on 03/21/2017 02:22 AM:


> It's not too hard to come up with a Rube-Goldberg mechanism that deals with
> particular issues like misuse of IVs or streaming, but the problem with these
> schemes is that they take the initial issue, that IVs are too confusing and
> complex to deal with so people get it wrong, and make the problem ten times
> worse.  The reason why RC4 was so popular is because it's incredibly simple,
> it takes a key and magics plaintext in-place into ciphertext and back again
> with no message expansion or other complications.  I'm not saying that you can
> do the equivalent of RC4 in a sound manner, but if you've got something that
> gets misused because of its complexity then the proposed replacement shouldn't
> involve even more complexity.

OK, so it has to be simple, it cannot suffer from the obvious problem
with ECB, and perhaps the decryption should be "seekable" and thus
possible to do in parallel.

I am eminently unqualified to invent new crypto protocols, but I'm going
to propose an idea anyway.  If it is shot down, I am eager to see how
and why it goes down in flames.

1. Generate an unpredictable IV.

2. Encrypt the IV with AES-ECB and send that as the first block.

3. For each block of data, XOR it with the IV and encrypt that result
with AES-ECB.

If you happen to reuse an IV between two encryption sessions, you
subject yourself to the weakness of ECB just for those two sessions.
The presence of any identical encrypted blocks in two distinct sessions
would indicate with high probability that an IV had been reused.


-- Patrick

P.S. Of course there is no authentication built into this, but I assume
that can be added at another level.
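The three numbered steps above, as an added worked example in Go; this is not code from the original post or anyone in the thread. It assumes AES-128 with a 16-byte key, messages that are a whole number of blocks (the post describes no padding, so none is added), and constructed sample keys, IV and messages; the function names are the example's own. Besides encryption and a seek-to-one-block decrypt, it implements the check the post describes, counting identical ciphertext blocks across two sessions, and applies the same count to a single ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

const blockSize = aes.BlockSize

// xorBlock writes a XOR b into dst; all three are exactly one block long.
func xorBlock(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// encryptWithIV performs steps 2 and 3 with a caller-supplied IV, so that IV
// reuse can be reproduced on purpose. The plaintext must be whole blocks: the
// post describes no padding, so this example adds none (an assumption).
func encryptWithIV(key, iv, plaintext []byte) ([]byte, error) {
	if len(iv) != blockSize || len(plaintext)%blockSize != 0 {
		return nil, errors.New("iv must be one block and plaintext whole blocks")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, blockSize+len(plaintext))
	c.Encrypt(out[:blockSize], iv) // step 2: C_0 = E_K(IV)
	tmp := make([]byte, blockSize)
	for i := 0; i < len(plaintext); i += blockSize {
		xorBlock(tmp, plaintext[i:i+blockSize], iv)      // step 3: P_i XOR IV,
		c.Encrypt(out[blockSize+i:2*blockSize+i], tmp) // then a single ECB block
	}
	return out, nil
}

// encrypt is the scheme as posted: step 1 draws a fresh IV from the OS CSPRNG.
func encrypt(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, blockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return encryptWithIV(key, iv, plaintext)
}

// decryptBlock recovers data block i on its own: IV = D_K(C_0), then
// P_i = D_K(C_{i+1}) XOR IV. No other block is touched, which is what makes
// decryption seekable and parallelisable.
func decryptBlock(key, ciphertext []byte, i int) ([]byte, error) {
	if len(ciphertext)%blockSize != 0 || i < 0 || i >= len(ciphertext)/blockSize-1 {
		return nil, errors.New("bad ciphertext length or block index")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, p := make([]byte, blockSize), make([]byte, blockSize)
	c.Decrypt(iv, ciphertext[:blockSize])
	c.Decrypt(p, ciphertext[(i+1)*blockSize:(i+2)*blockSize])
	xorBlock(p, p, iv)
	return p, nil
}

// duplicateBlocks counts blocks (E_K(IV) blocks included) that repeat an
// earlier block anywhere in the given ciphertexts. Over two sessions this is
// the post's IV-reuse indicator: with independent IVs it stays at zero except
// with negligible probability, while a reused IV makes the E_K(IV) blocks
// match at once. Over a single ciphertext it counts repeats within a session,
// since every data block there is E_K(P_i XOR IV) under one K and one IV.
func duplicateBlocks(ciphertexts ...[]byte) int {
	seen, n := map[string]bool{}, 0
	for _, c := range ciphertexts {
		for i := 0; i+blockSize <= len(c); i += blockSize {
			k := string(c[i : i+blockSize])
			if seen[k] {
				n++
			}
			seen[k] = true
		}
	}
	return n
}

func main() {
	key := []byte("0123456789abcdef")                                 // constructed demo key
	msg := []byte("attack at dawn!!attack at dawn!!meet at the cove") // 3 blocks, one repeated
	ct, err := encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	p2, _ := decryptBlock(key, ct, 2) // seek straight to the third data block
	fmt.Printf("block 2 = %q, repeats within the session = %d\n", p2, duplicateBlocks(ct))
	iv := []byte("fixed iv 16bytes") // deliberately reused for two sessions
	a, _ := encryptWithIV(key, iv, msg)
	b, _ := encryptWithIV(key, iv, []byte("meet at the cove"))
	fmt.Println("duplicate blocks across the two sessions:", duplicateBlocks(a, b)-duplicateBlocks(a))
}
```

Run it with `go run`; only the standard library is used. The authentication that the P.S. defers to another level is likewise left out of this example.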


