Hello again

Marek Marcola wrote:

Can't thank you enough you've been great.

Hello,

create a public salt (anyone can see this and will) of X length (128bits)
take sha512 hash of file to be encrypted (and keep it)
supply a password to the pbkdf2 - to create a 256bit key for my AES256 CFB encryption
use the hash with same salt in pbkdf2 and create a 128 bit iv

Encrypt the file and leave it anywhere in public for me to get later (even in an untrusted place). Would this work and where are the weaknesses in the plan?

Yes, this will work but "standard" method for this is to:
 - choose a password (secret)
 - choose an iteration count (secret, in OpenSSL default is 1 but suggested value is > 1000)
 - choose a salt (public)
 - put all that to pbkdf2 and get from this function 32+16 bytes
 - use first 32 as AES256 key, use next 16 bytes as IV

In this situation salt must be distributed with encrypted file (in OpenSSL salt is added as special formatted first line in encrypted file).

Best regards,

I like your plan and the fact openssl transmits the salt (brilliant, but how does it know this - is there a pbkdf2 in openssl as I have a python one),

When encrypting file with "openssl enc ..." command salt is generated or taken from command line and put at the beginning of encrypted file in form:

    Salted__<8_characters_of_salt>

where string "Salted__" is "magic" string. You may check this with command:

    $ openssl enc -des3 -e -S 41414141 -in /some/file > /tmp/x.bin
    $ od -c /tmp/x.bin

Parameter -S 41414141 means salt of value "AAAA" (which is extended by OpenSSL to 8 characters). Iteration count in this implementation is always 1. This implementation (openssl enc ...) uses its own implementation of pbkdf2 (there are some incompatibilities) but in OpenSSL API you may use PKCS5_PBKDF2_HMAC_SHA1() which is exactly compatible with PKCS#5 specification.

rather than transmitting or remembering the iteration count can this be calculated from the password ? or is that insecure.

Should be treated like a password ... but in OpenSSL encryption command is set to 1, some kind of compromise.

In reality I only want to remember a password but as in all good stuff want everyone to see the source of my code.

David
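The key and IV derivation listed in the thread (one PBKDF2 call for 32+16 bytes, salt carried in a "Salted__" header), as an added example that is not part of the original messages and is not OpenSSL's code. It uses Python's hashlib PBKDF2-HMAC-SHA1; the function names, sample passphrase and iteration count are assumptions, the AES step is left out, and the output is not claimed to be readable by "openssl enc".

```python
import hashlib
import os

MAGIC = b"Salted__"        # magic string quoted in the thread
SALT_LEN = 8               # salt bytes that follow the magic string
KEY_LEN, IV_LEN = 32, 16   # AES-256 key and IV sizes from the thread


def derive_key_iv(password: bytes, salt: bytes, iterations: int):
    """Run PBKDF2-HMAC-SHA1 once for 32+16 bytes and split into key and IV."""
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    material = hashlib.pbkdf2_hmac("sha1", password, salt, iterations,
                                   KEY_LEN + IV_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def add_header(salt: bytes, ciphertext: bytes) -> bytes:
    """Prefix the public salt so it travels with the encrypted file."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly 8 bytes")
    return MAGIC + salt + ciphertext


def split_header(blob: bytes):
    """Return (salt, ciphertext); reject files without the salt header."""
    header_len = len(MAGIC) + SALT_LEN
    if len(blob) < header_len or not blob.startswith(MAGIC):
        raise ValueError("missing Salted__ header")
    return blob[len(MAGIC):header_len], blob[header_len:]


def recover_key_iv(blob: bytes, password: bytes, iterations: int):
    """Receiver side: read the salt from the file, then re-derive key and IV."""
    salt, ciphertext = split_header(blob)
    key, iv = derive_key_iv(password, salt, iterations)
    return key, iv, ciphertext


if __name__ == "__main__":
    password, iterations = b"constructed passphrase", 10000  # sample values
    salt = os.urandom(SALT_LEN)
    key, iv = derive_key_iv(password, salt, iterations)
    blob = add_header(salt, b"<ciphertext bytes go here>")   # placeholder body
    assert recover_key_iv(blob, password, iterations)[:2] == (key, iv)
    print("salt", salt.hex(), "key", key.hex(), "iv", iv.hex())
```

Only the password and iteration count have to be remembered; the salt is read back from the file itself.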