On 4/17/2012 1:59 PM, Edward Ned Harvey wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Edward Ned Harvey
attacker doesn't know is your key and your plaintext. There is only one
solution. You must use a second key. Use your first key to encrypt the
second key (so an attacker can hopefully never know either one of your
keys.) Use your second key combined with the block number (I suggest
encrypting or hashing the block number using the second key, but simple
AND or XOR should also be fine) and use the resultant data as the IV for your
actual encryption operation.
I don't see any reason why the second key couldn't match the first. You
could simply encrypt the block number, and use the result as the IV when you
encrypt your actual data block, using ECB. This is effectively
reimplementing CBC, where you don't make individual blocks dependent on each
other - instead you make each individual block dependent only on its block
number, where you're using the block number as the preceding block of data,
and the *only* preceding block of data. Every block number is guaranteed
unique and independent, so you're able to do random access, and since there
are never any repeats, there will never be any repeated cipherblocks, even
if there is repeated plaintext.
Note: I think there is a misunderstanding of the word "block" here.
The OP refers to data blocks of about 4Kbyte, you refer to the
individual AES blocks of 16 bytes each.
As for using the main key to generate IVs from block numbers, an
expert once confirmed to me that the following should be safe:
Set CBC-IV=AESrawFunc(key, block number).
I think (not sure at this moment) this is the same as
Set CBC-IV=CBC-AES(key, 0, block number) // Second arg is IV
Which for encrypt (but not decrypt) I think is the same as
Set encrypted=ThrowAwayFirst16Bytes(CBC-AES, 0, Concat(block number-as-16-bytes, 4K data block))
Decrypt will need to do the two steps separately.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
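The three formulations in Jakob's reply, checked against each other on one 4K data block. This is an added example, not code from either poster or from OpenSSL; it assumes the block number is encoded big-endian and right-aligned in a 16-byte AES block (the thread fixes no encoding), a constructed 16-byte key, and a constructed sector of repeated bytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Sector number as one 16-byte AES block (assumed encoding: big-endian, right-aligned).
func blockNumberBytes(n uint64) []byte {
	b := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(b[8:], n)
	return b
}

func cbcEncrypt(c cipher.Block, iv, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCBCEncrypter(c, iv).CryptBlocks(out, in)
	return out
}

// SectorIV: CBC-IV = AESrawFunc(key, block number), one raw AES block encryption.
func SectorIV(c cipher.Block, n uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	c.Encrypt(iv, blockNumberBytes(n))
	return iv
}

// EncryptSector: CBC over one 4K sector under its own IV, so sectors stay independent.
func EncryptSector(c cipher.Block, n uint64, sector []byte) []byte {
	return cbcEncrypt(c, SectorIV(c, n), sector)
}

// EquivalencesHold checks the reply's three formulations: (1) IV = AESraw(key, n);
// (2) IV = CBC-AES(key, IV=0, n), equal because CBC XORs block 1 with the zero IV;
// (3) CBC-AES(key, IV=0, n||data) with the first 16 output bytes thrown away.
func EquivalencesHold(c cipher.Block, n uint64, sector []byte) bool {
	zero := make([]byte, aes.BlockSize)
	iv2 := cbcEncrypt(c, zero, blockNumberBytes(n))
	ct3 := cbcEncrypt(c, zero, append(blockNumberBytes(n), sector...))[aes.BlockSize:]
	return bytes.Equal(SectorIV(c, n), iv2) && bytes.Equal(EncryptSector(c, n, sector), ct3)
}

func main() {
	c, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed 16-byte key: valid length, never errors
	fmt.Println("equivalences hold:", EquivalencesHold(c, 7, bytes.Repeat([]byte("A"), 4096)))
}
```

Decryption has to run the two steps separately, as the reply says: derive the IV from the block number first, then CBC-decrypt the sector under it.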
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org