[Cryptography] Crypto best practices

Patrick Chkoreff patrick at rayservers.net
Wed Mar 22 09:49:25 EDT 2017


Ray Dillinger wrote on 03/21/2017 06:54 PM:

> It's a reasonable try, but no...  As described you have the weakness
> of ECB within each message.  for any IV and plaintext P
> Encrypt(P XOR IV) = Encrypt(P XOR IV).  So unless IV changes between
> blocks, identical plaintext blocks produce identical ciphertexts.

Right.  Face palm here for missing that.  I assiduously minimized the
possibility of identical ciphertexts between two different sessions, and
completely missed the possibility within a single session.

By the way, my point here was not to step forward and say hey everybody,
here is the one true protocol.  It was to improve the protocol one
incremental step at a time and hear for myself just exactly what the
problem was.

> If you use a reversible function F(IV,N) where N is the block number,
> you could have Encrypt(F(IV,N) XOR P) and it would work reasonably well.
>  This is the basis of counter mode, where F is +N and F' is -N.

Yes, that was exactly my amendment.

It also occurred to me that instead of using F=(+ N) and F'=(- N), I
might use F = F' = (XOR N) instead, since it's simpler than addition and
subtraction, which could involve overflow and carry operations if you
have a lot of 1 bits in the plaintext block.


-- Patrick
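The two constructions discussed in this exchange, side by side, as an added example that is not code from the original thread or from either author. The block cipher is a constructed 4-round Feistel network over HMAC-SHA256, a stand-in for a real cipher chosen only so the script runs on the standard library; the scheme follows the wording in the thread (the cipher is applied after the XOR, C_n = E(P_n XOR F(IV, N)), which is not the standard CTR keystream construction), and the names `encrypt_fixed_iv`, `encrypt_blockctr`, `counter_xor` and `counter_add` are hypothetical. `repeated_block_positions` is the defender's view: it reports which ciphertext blocks repeat within a single message, which is exactly the ECB-style leak Ray points out for the fixed-IV variant and which disappears once N is mixed in, whether F is XOR N or +N.

```python
"""Fixed-IV-per-message vs. block-number-mixed encryption (added example).

The block cipher below is a constructed Feistel network over HMAC-SHA256,
used only as a stand-in for a real block cipher so the demo needs no third-
party library. Scheme and function names are hypothetical.
"""
import hashlib
import hmac
import secrets

BLOCK = 16          # block size in bytes
HALF = BLOCK // 2
ROUNDS = 4


def _round(key, r, half):
    # Keyed round function: HMAC-SHA256 over (round index, half block), truncated.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    # Feistel step: (L, R) -> (R, L XOR f(R)); any Feistel network is a bijection.
    assert len(block) == BLOCK
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key, block):
    # Inverse step: (L', R') -> (R' XOR f(L'), L'), rounds in reverse order.
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def _blocks(data):
    assert len(data) % BLOCK == 0, "demo uses whole blocks; pad in real use"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt_fixed_iv(key, iv, plaintext):
    """The scheme Ray criticises: C_n = E(P_n XOR IV), same IV for every block."""
    return b"".join(block_encrypt(key, _xor(p, iv)) for p in _blocks(plaintext))


def counter_xor(iv, n):
    """F(IV, N) = IV XOR N (N as a big-endian 16-byte integer); self-inverse."""
    return _xor(iv, n.to_bytes(BLOCK, "big"))


def counter_add(iv, n):
    """F(IV, N) = IV + N mod 2^128, the +N / -N pair Ray describes."""
    return ((int.from_bytes(iv, "big") + n) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")


def encrypt_blockctr(key, iv, plaintext, f=counter_xor):
    """The amendment: C_n = E(P_n XOR F(IV, N)), N = block number."""
    return b"".join(block_encrypt(key, _xor(p, f(iv, n)))
                    for n, p in enumerate(_blocks(plaintext)))


def decrypt_blockctr(key, iv, ciphertext, f=counter_xor):
    # Inverse: P_n = D(C_n) XOR F(IV, N); the same F works for both directions.
    return b"".join(_xor(block_decrypt(key, c), f(iv, n))
                    for n, c in enumerate(_blocks(ciphertext)))


def repeated_block_positions(ciphertext):
    """Detection view: map each ciphertext block that repeats to its positions."""
    seen = {}
    for n, c in enumerate(_blocks(ciphertext)):
        seen.setdefault(c, []).append(n)
    return {c: idx for c, idx in seen.items() if len(idx) > 1}


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    iv = secrets.token_bytes(BLOCK)
    # Constructed message: three equal blocks, one different block, one more equal block.
    msg = b"A" * (3 * BLOCK) + b"B" * BLOCK + b"A" * BLOCK
    print("fixed IV :", list(repeated_block_positions(encrypt_fixed_iv(key, iv, msg)).values()))
    print("IV XOR N :", repeated_block_positions(encrypt_blockctr(key, iv, msg)))
    print("IV + N   :", repeated_block_positions(encrypt_blockctr(key, iv, msg, counter_add)))
    assert decrypt_blockctr(key, iv, encrypt_blockctr(key, iv, msg)) == msg
```

With the fixed IV the report lists positions 0, 1, 2 and 4 as one repeating ciphertext block, revealing where the plaintext repeats; with either F(IV, N) it is empty, because the cipher input now differs in every block. One caveat either variant inherits from counter mode: the values F(IV, N) must also never repeat across messages under the same key, so the IV for each message has to be chosen so that its XOR-or-sum with any counter value cannot coincide with another message's.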


