Re: [openssl-users] different encrypted text for the same plain text message

2016-07-30 Thread Dr. Stephen Henson
On Sat, Jul 30, 2016, R-D intern wrote: > Thank you, Stephen. > You answered regarding randomness in different sessions if session > resumption is on. But my question revolves around the same messages within > the same Session. How different encrypted texts are formed of the same > plaintext bet

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-30 Thread R-D intern
Thank you, Stephen. You answered regarding randomness in different sessions if session resumption is on. But my question revolves around the same messages within the same Session. How different encrypted texts are formed of the same plaintext between a client -server? Is it only the iv changes o

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread Dr. Stephen Henson
On Fri, Jul 29, 2016, R-D intern wrote: > Hello Benjamin, > Thanks for the reply. > I know the purpose and benefit of creating different cipher texts of the > same corresponding plain text.But I would like to know about the places > where this randomness gets introduced to create different encrypt

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread R-D intern
Thank you, Jakob. I had read that the earlier versions IV logic used to use the last block of the ciphertext as the IV for the next message and this proved vulnerable giving way to reflection attacks. But is it only the IV that changes? the bulk encryption and MAC keys remain constant throughput t

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread Jakob Bohm
On 29/07/2016 09:23, R-D intern wrote: Hello Benjamin, Thanks for the reply. I know the purpose and benefit of creating different cipher texts of the same corresponding plain text.But I would like to know about the places where this randomness gets introduced to create different encrypted texts.B

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread R-D intern
Hello Benjamin, Thanks for the reply. I know the purpose and benefit of creating different cipher texts of the same corresponding plain text.But I would like to know about the places where this randomness gets introduced to create different encrypted texts.Because SSL handshake takes place only onc

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Short, Todd
Rich Salz basically told this guy to read Wikipedia about cryptography… :) -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jul 28, 2016, at 11:15 AM, Benjamin Kaduk mailto:bka...@akamai.com>> wrote: There are several

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Benjamin Kaduk
There are several places where a per-connection random input is introduced, with a specific goal of making encryptions of the same plaintext produce different ciphertexts (as well as other benefits). If a plaintext always produced the same ciphertext, then an attacker could make a dictionary of di