> ________________________________
> From: Roberto Spadim <robe...@spadim.com.br>
> To: Unga <unga...@yahoo.com>
> Cc: "openssl-users@openssl.org" <openssl-users@openssl.org>
> Sent: Saturday, August 17, 2013 6:14 AM
> Subject: Re: How to securely encrypt identical files to identical ciphertext?
>
> hum, i will talk again with general cases, but it gives nice ideas....
>
> the point about security is physical access...
> do you have a problem with physical access to the disk? for example, if you put your data
> in a datacenter, you never know who is changing your hardware or what happens
> to the hardware disks... at least i don't see anyone putting webcams outside the
> server and recording everything that happens outside the server...
> in this case you should check that the datacenter admin can copy your disk and do
> what he/she wants... (it has the physical access to it, and yes it CAN do this, ok
> maybe it's illegal, but whatever... it can do it)
>
> when someone has a file, for example 10MB, encrypted, it will try data
> dictionary and brute force attacks, probably it will load the file to memory
> and send it to many computers to decode this file... 10MB in memory is
> something very small, run memtest86+ in your computer... you will see >2GB/s of
> speed on memory access... with many computers 10MB could be near to 1 byte
> (talking about read speed and decode speed)... well just to explain the
> relative size when using many computers, not true values...
>
> well you can't do anything, with time he/she will get the file... the only
> solution is legal... but he/she can send your files over the internet and anyone
> could get it...
>
> but... you have some alternatives... make the attacker's job harder
> one nice feature is a "pseudo cryptography" called steganography, instead of a
> cryptography where attackers know that a file is encrypted, you 'give' a file
> that any user could see (for example an image or a music or a video) and add
> your information in that file like a watermark... i didn't search about
> filesystem tools (for example using LUFS) to steganography files online...
> but it's a nice feature for high security systems... the attacker will think
> that it has the file, and it has the file, but it will think that the
> information is an image, while the information is the watermarks in the
> image... it's very very nice for security since the intelligence of the attacker is
> to get a well-known file format, and not a specific information, the specific
> information is only searched if the attacker really knows that you have
> important information and the kind of information (for example instead of
> finding a file, it will try to find text, and know that it is possible to have a
> steganography software running in your filesystem), but again... with time
> the attacker can get the information...
>
> well getting back to plain salt... yes it's not as secure as a non blank salt,
> i will talk about my idea of statistics in this case, not as a probability
> model... maybe the attacker could use your salt at first time... maybe not...
> the salt must be something that you probably will not use and the attacker will
> not think (or calculate) it too soon, again with time it can calculate... but
> you should give your best to make it too hard to calculate or think that it
> could be used, the blank salt is something that everybody will try at first
> time (at least me... i will try blank, 1234, 12345, 1234567, 9999, 8888 ... and
> other number combinations)
>
> well when someone steals your data you can't do anything, the best method is
> physical protection, burn your disk for example like 007 james bond :)
>
> again, i don't know if i solved your question, just some ideas about increasing
> security...
>
> if you really want to know if your system is secure, the most interesting thing
> you could do is know some underground group and tell them to unlock your
> information, there are some companies that do this job too, but the underground
> world is nice and many times free =]
>
> good luck :)
>
Thanks, you gave an important idea. Let's try how easy to unlock :)

Unga
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org