[Cryptography] AES related issue
John Denker
jsd at av8n.com
Wed Mar 29 11:22:31 EDT 2017
On 03/28/2017 11:54 PM, Philipp Gühring wrote:
> I am currently playing around with an encryption/decryption module, which
> claims to be using AES-256. Under normal circumstances, Encryption and
> Decryption seem to work fine.
> Now I tried to play a bit with the key during the decryption operation,
> and when I seem to insert the wrong key, the module returns high entropy
> blocks.
> Surprisingly, the high entropy blocks contains only on average 7.58 bits
> of entropy
> per byte (it was in the range of 7.53-7.604).
> The keys I inserted were similar to the original key, so possibly just
> single bit-flips difference to the original key.
AES is known to have horrible related-key weaknesses.
To verify that the problem is here (rather than, say, in the
measurement methods) repeat the experiment, but hash each key
before feeding it to AES.
Or (!) use something like ChaCha20 that doesn't screw up when
given related keys.
More information about the cryptography
mailing list