[Cryptography] [FORGED] Re: Crypto best practices

Ray Dillinger bear at sonic.net
Tue Mar 21 18:54:30 EDT 2017



On 03/21/2017 06:57 AM, Patrick Chkoreff wrote:

> I am eminently unqualified to invent new crypto protocols, but I'm going
> to propose an idea anyway.  If it is shot down, I am eager to see how
> and why it goes down in flames.
> 
> 1. Generate an unpredictable IV.
> 
> 2. Encrypt the IV with AES-ECB and send that as the first block.
> 
> 3. For each block of data, XOR it with the IV and encrypt that result
> with AES-ECB.
> 
> If you happen to reuse an IV between two encryption sessions, you
> subject yourself to the weakness of ECB just for those two sessions.
> The presence of any identical encrypted blocks in two distinct sessions
> would indicate with high probability that an IV had been reused.

It's a reasonable try, but no...  As described you have the weakness
of ECB within each message.  For any IV and plaintext P,
Encrypt(P XOR IV) = Encrypt(P XOR IV).  So unless IV changes between
blocks, identical plaintext blocks produce identical ciphertexts.

If you use a reversible function F(IV,N) where N is the block number,
you could have Encrypt(F(IV,N) XOR P) and it would work reasonably well.
This is the basis of counter mode, where F is +N and F' is -N.


					Bear
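An added example (mine, not code from either poster) putting the two constructions side by side: the quoted proposal with one IV XORed into every block, and Bear's repair with a per-block mask F(IV,N) = IV + N. It uses a toy Feistel permutation as a stand-in for AES-ECB so it runs with no crypto library, and the key, IV and plaintext are constructed values.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, as AES has

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    """Stand-in for AES-ECB on one block: a 4-round keyed Feistel permutation.
    It is NOT AES and NOT secure; it only needs to be deterministic and invertible."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, hashlib.sha256(key + bytes([i]) + l).digest()[:8]), l
    return l + r

def _blocks(data, start=0):
    return [data[i:i + BLOCK] for i in range(start, len(data), BLOCK)]

def encrypt_fixed_iv(key, iv, plaintext):
    """The quoted proposal: E(IV), then E(P_n XOR IV) with the SAME IV for every block."""
    return block_encrypt(key, iv) + b"".join(
        block_encrypt(key, _xor(p, iv)) for p in _blocks(plaintext))

def _mask(iv, n):
    """F(IV, N) = IV + N mod 2^128; its inverse F' = -N lets the receiver rebuild each mask."""
    return ((int.from_bytes(iv, "big") + n) % (1 << 128)).to_bytes(BLOCK, "big")

def encrypt_counter_iv(key, iv, plaintext):
    """Bear's repair: E(IV), then E(P_n XOR F(IV, n)), a distinct mask per block."""
    return block_encrypt(key, iv) + b"".join(
        block_encrypt(key, _xor(p, _mask(iv, n))) for n, p in enumerate(_blocks(plaintext)))

def decrypt_counter_iv(key, ciphertext):
    iv = block_decrypt(key, ciphertext[:BLOCK])
    return b"".join(_xor(block_decrypt(key, c), _mask(iv, n))
                    for n, c in enumerate(_blocks(ciphertext, BLOCK)))

def repeated_blocks(ciphertext):
    """Count ciphertext blocks (after the IV block) that equal an earlier one: the ECB leak."""
    body = _blocks(ciphertext, BLOCK)
    return len(body) - len(set(body))

# Constructed demo values; use os.urandom(16) for key and IV in anything real.
KEY = b"constructed-key!"
IV = b"constructed-iv!!"
SAMPLE = b"ATTACK AT DAWN!!" * 3  # three identical 16-byte plaintext blocks

if __name__ == "__main__":
    print("fixed IV repeats:", repeated_blocks(encrypt_fixed_iv(KEY, IV, SAMPLE)))      # 2
    print("counter IV repeats:", repeated_blocks(encrypt_counter_iv(KEY, IV, SAMPLE)))  # 0
```

With the fixed IV the three equal plaintext blocks come out as three equal ciphertext blocks within one message, exactly the within-message ECB leak Bear describes; with the counter mask they differ, and decryption still recovers the plaintext because the mask is recomputed from the block number.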


