On Wed, Sep 30, 2009 at 12:27:56AM -0700, Brian Lavender wrote:

> > Please forgive me as I am not an OpenSSL or encryption expert.
> > 
> > I am already using OpenSSL to do encryption of strings and it works awesome.
> > I do have a question about encrypting smaller amounts of data though.

Does the output need to be the same size as the input, or is output
expansion OK?

Secure encryption of finite sets is a difficult problem, covered in
some interesting papers by Rogaway, and used by Voltage in various
commercial offerings.

> > Encrypt(datato, datafrom)
> > {
> > EVP_EncryptInit();
> > EVP_EncryptUpdate();
> > EVP_EncryptFinal();
> > EVP_CIPHER_CTX_cleanup();
> > }
> > 
> > Again, works awesome for strings. However, we are realizing there are
> > times we just want a 32-bit int or a 64-bit int encrypted and nothing
> > else.

Provided you use a different IV for each datum, you get reasonable security,
at the cost of considerable output expansion. If the output expansion
(a lot more bytes out than in) is not a problem, you should be fine.
Just don't re-use IVs (with non-negligible probability).

> You could just xor the bits with the key.

NO.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
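
Added example, not part of the original message and not OpenSSL project code: the fresh-IV-per-datum approach from the reply above, shown with the `openssl enc` command-line tool instead of the EVP C calls. The key, the helper names and the IV || ciphertext output layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. KEY is a constructed demo value, never a real key.
KEY=000102030405060708090a0b0c0d0e0f

# Write one byte, given as a number, to stdout.
byte() { printf "\\$(printf '%03o' "$1")"; }

# Emit a 32-bit unsigned integer as 4 big-endian bytes.
u32_bytes() {
    for s in 24 16 8 0; do byte $(( ($1 >> $s) & 255 )); done
}

# Turn an even-length hex string back into raw bytes.
hex_to_bytes() {
    h=$1
    while [ -n "$h" ]; do
        rest=${h#??}
        [ "$rest" != "$h" ] || return 1   # odd length: refuse
        byte "0x${h%"$rest"}"
        h=$rest
    done
}

# Hex-encode stdin as one unbroken string.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# Encrypt one u32 with AES-128-CBC. A fresh random IV is drawn per datum
# unless the caller forces one (second argument, for demonstration only).
# Prints hex(IV || ciphertext): 16 + 16 bytes out for 4 bytes in.
encrypt_u32() {
    iv=${2:-$(openssl rand -hex 16)}
    ct=$(u32_bytes "$1" | openssl enc -aes-128-cbc -K "$KEY" -iv "$iv" | to_hex)
    printf '%s%s\n' "$iv" "$ct"
}

# Decrypt hex(IV || ciphertext) and print the integer in decimal.
decrypt_u32() {
    iv=$(printf '%s' "$1" | cut -c1-32)
    ct=$(printf '%s' "$1" | cut -c33-)
    hex=$(hex_to_bytes "$ct" |
          openssl enc -d -aes-128-cbc -K "$KEY" -iv "$iv" | to_hex)
    printf '%d\n' "0x$hex"
}

c=$(encrypt_u32 305419896)
echo "ciphertext: $c (${#c} hex chars)"
echo "plaintext:  $(decrypt_u32 "$c")"
```

Calling `encrypt_u32` twice with the same forced IV on equal values gives identical output, so an observer learns which records hold the same integer; with the default random IV the two outputs differ.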
