Hello,
Any advice on this ECB-like behaviour of CTR will be highly appreciated.
We are currently integrating openssl in our application.
One of the goals is to use symmetric encryption on streams of data to
keep them encrypted on a storage device (1).
As far as we are concerned, CTR mode seems to be a good choice for this
goal.
The idea is to use (according to some parameters) either des, 3des, aes,
blowfish or cast5.
Another parameter also lets us choose one hash algorithm.
As openssl does not support CTR mode, it is derived from OFB (as in
EVP_get_cipherbyname(SN_aes_192_ofb128) for instance).
The symmetric key and IV are derived from PRNG data and hash using
ossl_PKCS5_PBKDF2_HMAC_PRF().
And part of the IV is used as the counter.
Unfortunately, there must be something wrong in the current implementation.
As an input test stream, I've used a simple pattern file:
10 lines of 72 ASCII characters '5', ended with 'new line'
10 lines of 72 ASCII characters 'A', ended with 'new line'
and so on up to a total of 160000 lines (see at the end for a somewhat
"clearer" description).
Analysing the output stream, at least two patterns as long as 8 bytes
are found many, many times.
This is the reason why I've written 'ECB' in the subject.
In fact, it appears that each pattern may be found every 48 bytes (40 are
quite random, 8 are the pattern).
This occurs 14 to 15 times, then it switches to the other pattern with
somewhat the same scheme and so on.
On the other hand, any other 4-byte pattern can hardly be found more
than once.
We would have hoped that the full output stream looked like it was
random data.
Is this assumption false?
Or on the contrary, can we consider that there is a bug in our
implementation?
NB: in a previous implementation, we were not using openssl, and the
CTR mode was derived from CBC.
It did not show this strange behaviour.
Should we rely on CBC mode to implement CTR one?
Or do you think we have a chance to find the flaw in our
CTR-based-on-OFB implementation?
And at least a newbie question: which are the real advantages (and
drawbacks) of CTR over OFB?
(1) another goal is also to protect some network exchanges with SSL, but
that's another story.
-- source file description --
$ grep -c 555555555555555555555555555555555555555555555555555555555555555555555555 5a.txt
80000
$ grep -c AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 5a.txt
80000
$ wc 5a.txt
160000 160000 11680000 5a.txt
--
alea+
Luc Perthuis
Core Technologies Group Manager, Atempo S.A. (Engineering)
http://www.atempo.com
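
Added example, not part of the original message and not the poster's code: in any keystream mode (CTR, OFB) the ciphertext is plaintext XOR keystream, so an 8-byte ciphertext pattern that recurs over repetitive plaintext means a keystream block was used more than once. The Python sketch below uses the test-file layout from the message, an HMAC-SHA256 stand-in for the block cipher, and a hypothetical bug (`flawed_keystream`, where the first block of every 48-byte chunk reuses one counter value); all of these are assumptions, not a diagnosis of the implementation described.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 8   # block size in bytes of DES, 3DES, Blowfish and CAST5
CHUNK = 48  # assumed processing unit, taken from the 48-byte period in the message

def prf(key, counter):
    # Stand-in for one block-cipher encryption of a counter block (assumption).
    return hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()[:BLOCK]

def ctr_keystream(key, length):
    # Correct CTR: every keystream block comes from a counter value used once.
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(prf(key, i) for i in range(blocks))[:length]

def flawed_keystream(key, length):
    # Hypothetical bug: the first block of every 48-byte chunk reuses counter 0.
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(prf(key, 0 if (i * BLOCK) % CHUNK == 0 else i)
                    for i in range(blocks))[:length]

def encrypt(keystream_fn, key, plaintext):
    keystream = keystream_fn(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))

def repeated_windows(data, n=BLOCK):
    # Count every n-byte window at every offset; keep those seen more than once.
    seen = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    return Counter({w: c for w, c in seen.items() if c > 1})

def sample_plaintext(groups=20):
    # Constructed input with the message's layout: 10 lines of '5', 10 of 'A', ...
    lines = []
    for g in range(groups):
        lines += [("5" if g % 2 == 0 else "A") * 72 + "\n"] * 10
    return "".join(lines).encode()

if __name__ == "__main__":
    key = b"constructed demo key"
    plaintext = sample_plaintext()
    for name, fn in (("ctr", ctr_keystream), ("flawed", flawed_keystream)):
        reps = repeated_windows(encrypt(fn, key, plaintext))
        print(name, "repeated 8-byte windows:", len(reps),
              "top counts:", [c for _, c in reps.most_common(2)])
```

With unique counters the scan finds no repeated 8-byte window, while under the hypothetical reuse the two most frequent windows differ by exactly '5' XOR 'A' (0x74 in every byte), so the repetition exposes plaintext structure.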