Steve,

> 
> Salt shouldn't be predictable so using a fixed string isn't an option but it
> isn't secret.
> 

I'm using rand_bytes() to create the salt.

> 
>>IV.  I should really use an IV with some modes.  Again, it's random
>>bytes, but it doesn't have to be secret.  I will also have to transmit
>>the IV to the other side.  That's not a security problem is it?
>>
>>Is it a problem if you use the same random bytes for the SALT and the IV?
>>
> 
> 
> EVP_BytesToKey() also generates an IV so that isn't a problem.
>


I'm attempting to use EVP_aes_128_ofb().  OFB mode should have an IV.
I'm passing in 16 char of rand_bytes to EVP_CipherInit_ex().  Currently
I'm not passing the IV to the other side.  I would expect the decryption
to fail since the client and the server aren't using the same IV.  It
doesn't fail.  This leads me to believe that the cipher isn't actually
using the IV.  What am I missing?


   int count = 0;
   int datal = 0;
   unsigned char * someSalt;
   unsigned char * theIV;

   if (!rand_seeded_p)
   {
      rand_seed();
      rand_seeded_p = 1;
   }

   //setup the salt for the password
   someSalt = new unsigned char[saltSize];
   rand_bytes(someSalt,saltSize);

   theIV = new unsigned char[saltSize];
   rand_bytes(theIV,saltSize);

   //hash the password into a 128bit key
   datal = (unsigned long)strlen((const char *)password);
   EVP_BytesToKey(EVP_aes_128_ofb(), EVP_md5(), (unsigned char *)someSalt,
                  (const unsigned char *)password, datal, count, keystr, NULL);

   EVP_CIPHER_CTX_init(ctx);
   EVP_CipherInit_ex(ctx, EVP_aes_128_ofb(), NULL, NULL, NULL, 1);

   /* We finished modifying parameters so now we can set key and IV */
   EVP_CipherInit_ex(ctx, NULL, NULL, keystr, theIV, 1);

Thanks,

Sean


> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
> 
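
The experiment described in this message, reproduced with the openssl command-line tool as an added example (not part of the original post or of OpenSSL's own code): AES-128-OFB has no padding or integrity check, so decrypting with a different IV reports success and returns different bytes instead of an error. The key, both IVs, the message and the wire layout (IV in hex on the first line) are constructed assumptions.

```shell
#!/bin/sh
# Added example. KEY, both IVs and the message are constructed test values;
# the wire layout (IV in hex on line 1, base64 ciphertext after it) is an
# assumption made for this sketch.
KEY=000102030405060708090a0b0c0d0e0f
IV_SENDER=101112131415161718191a1b1c1d1e1f
IV_OTHER=a0a1a2a3a4a5a6a7a8a9aaabacadaeaf
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf '%s' 'OFB needs the same IV on both sides' > "$WORK/plain"

# seal <iv-hex> <infile> <wirefile>: the IV travels in the clear, ahead of
# the AES-128-OFB ciphertext.
seal() {
    {
        printf '%s\n' "$1"
        openssl enc -aes-128-ofb -e -a -K "$KEY" -iv "$1" -in "$2"
    } > "$3"
}

# open_with <iv-hex> <wirefile> <outfile>: decrypt the body with the IV
# given, ignoring the one in the message. Returns openssl's exit status.
open_with() {
    tail -n +2 "$2" |
        openssl enc -aes-128-ofb -d -a -K "$KEY" -iv "$1" -out "$3"
}

# open_wire <wirefile> <outfile>: decrypt with the IV the sender attached.
open_wire() {
    open_with "$(head -n 1 "$1")" "$1" "$2"
}

# report <label> <outfile> <status>: exit status and plaintext comparison.
report() {
    if cmp -s "$WORK/plain" "$2"; then match=yes; else match=no; fi
    echo "$1: openssl exit status $3, plaintext recovered: $match"
}

seal "$IV_SENDER" "$WORK/plain" "$WORK/wire"

# Receiver that never got the IV and uses its own random one: no error is
# raised, because OFB has no padding or integrity check to trip over.
open_with "$IV_OTHER" "$WORK/wire" "$WORK/wrong"; report "own IV" "$WORK/wrong" $?

# Receiver that reads the IV from the message.
open_wire "$WORK/wire" "$WORK/right"; report "sender IV" "$WORK/right" $?
```

Since a mismatched IV goes unreported by the cipher, a receiver that needs to detect it has to compare the output against something it can verify, such as a MAC over the message.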