On 29/04/12 05:23, MauMau wrote:
Q2: Is AES-XTS slower than AES-CBC? Does AES-NI speed up AES-XTS
like AES-CBC?
Yes it is slower because there is an additional encryption operation
on the "tweak".
I think AES-NI speeds up the implementation of the underlying AES
cipher, and therefore would be
From:
This code is only relevant if the EVP_CIPH_CUSTOM_IV flag is not set. If
it is set it is ignored. XTS sets this flag in e_aes.c:
#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
Oh, I see. As you say,
On 25/04/12 15:03, MauMau wrote:
Q1: Is AES-XTS officially supported by OpenSSL 1.0.1? I'm wondering if
XTS is still an experimental feature in OpenSSL, because the file
"Changes" in the OpenSSL 1.0.1 tarball does not refer to XTS.
Well 1.0.1 is the latest stable version, and I have seen not
From:
I have modified your code to use XTS, which I think will achieve what you
want to do:
- It supports random read and write access to your data
- It is standards based so you don't have to make up your own way of
doing things and potentially open yourself up to security issues
- You do
On 23/04/12 13:16, MauMau wrote:
Apart from that, let me go back to my original question 4 in my first
mail.
Q4: Do I have to call EVP_EncryptInit_ex/EVP_DecryptInit_ex for each
block/record? I'm concerned about the overhead of those functions. For
exa
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of MauMau
>
> But folks here gave me suggestions that different IVs should be used for
> each 4KB block. I think I should do that, and I'd like to follow that
> precious advice.
>
> (However, I'm wonde
From:
I believe this will reuse the same IV for block2 that it uses for
block1. It will appear to work but is a really bad idea and will lead
to major security problems.
From: "Jeffrey Walton"
You should have a look at Microsoft's paper by Niels Ferguson on
Bitlocker's design and implementat
On 23 April 2012 13:16, MauMau wrote:
> /* encrypt first block */
> EVP_EncryptUpdate(&enc_ctx, block1, &outlen, block1, 4096);
> /* encrypt second block */
> EVP_EncryptInit_ex(&enc_ctx, NULL, NULL, NULL, NULL);
> EVP_EncryptUpdate(&enc_ctx, block2, &outlen, block2, 4096);
I believe this will r
On Mon, Apr 23, 2012 at 8:16 AM, MauMau wrote:
> Hello,
>
>
> Thanks a lot for your valuable advice. I'm looking into the CBC with IVs
> based on block numbers, CTR, and XTS. I'm referring to the pages below:
>
> Block cipher modes of operation
> http://en.wikipedia.org/wiki/Block_cipher_mode
>
> D
Hello,
Thanks a lot for your valuable advice. I'm looking into the CBC with IVs
based on block numbers, CTR, and XTS. I'm referring to the pages below:
Block cipher modes of operation
http://en.wikipedia.org/wiki/Block_cipher_mode
Disk encryption theory
http://en.wikipedia.org/wiki/Disk_encry
On Wed, Apr 18, 2012 at 9:04 AM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Jeffrey Walton
>>
>> On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
>> wrote:
>> >> From: owner-openssl-us...@openssl.org [mailto:owner-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Jeffrey Walton
>
> On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
> wrote:
> >> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> >> us...@openssl.org] On Behalf Of Ken Goldman
> >>
>
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Ken Goldman
>>
>> The standard answer: If this is a real security project, hire an
>> expert. If you design your own crypto algorithm, you
On Tue, Apr 17, 2012 at 7:59 AM, Edward Ned Harvey
wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Edward Ned Harvey
>>
>> attacker doesn't know is your key and your plaintext. There is only one
>> solution. You must use a second key. Us
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an
> expert. If you design your own crypto algorithm, you will get it wrong.
Or, if you're pretty confident you know how
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Ken Goldman
>
> The standard answer: If this is a real security project, hire an
> expert. If you design your own crypto algorithm, you will get it wrong.
>
> If this is just for fun, to learn about
On 17/04/12 15:31, MauMau wrote:
Hello, Edward, Jakob, Ken,
Thanks for lots of ideas and information. I'll investigate Edward's
block-number-based iv and Ken's CTR mode. Let me consult you if I get
stuck again. I'll consider some way to eliminate the need to call
EVP_EncryptInit_ex/EVP_Decryp
Hello, Edward, Jakob, Ken,
Thanks for lots of ideas and information. I'll investigate Edward's
block-number-based iv and Ken's CTR mode. Let me consult you if I get stuck
again. I'll consider some way to eliminate the need to call
EVP_EncryptInit_ex/EVP_DecryptInit_ex for each block/record.
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto algorithm, you will get it wrong.
If this is just for fun, to learn about openssl, CTR mode will give you
random access.
On 4/16/2012 6:41 PM, MauMau wrote:
As for Q4, yes, decrypting bl
On 4/17/2012 1:59 PM, Edward Ned Harvey wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Edward Ned Harvey
attacker doesn't know is your key and your plaintext. There is only one
solution. You must use a second key. Use your first key to encr
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Edward Ned Harvey
>
> attacker doesn't know is your key and your plaintext. There is only one
> solution. You must use a second key. Use your first key to encrypt the
> second key (so an attacker ca
> From: Edward Ned Harvey
>
> I can't think of anything wrong with using the block number as the
> IV, and then use ECB.
Oh yeah. I can think of something wrong with that. If an attacker knows
the block number, and they have some intelligent guess about the plaintext,
then they might be able to
Hello, Stephen, Thomas,
From: "Thomas BERNARD"
To my understanding :
With ECB, the order in which the blocks are crypted/decrypted doesn't
matter.
With CBC and most block modes, it DOES matter !
So if block 1 is encrypted first it MUST be decrypted first.
/* decrypt second block */
EVP_Decrypt
On Mon, Apr 16, 2012, MauMau wrote:
> Hello
>
> Q1: Is AES-NI automatically utilized on the processors that have the
> capability? Do I have to do anything (e.g. specify some engine in
> openssl.conf)?
>
In OpenSSL 1.0.1 it is automatically supported provided you use the EVP
interface, you don'
> /* one-time initialization */
> ERR_load_crypto_strings();
> OpenSSL_add_all_algorithms();
> EVP_CIPHER_CTX_init(&enc_ctx);
> EVP_CIPHER_CTX_init(&dec_ctx);
> EVP_EncryptInit_ex(&enc_ctx, EVP_aes_256_cbc(), NULL, key, iv);
> EVP_CIPHER_CTX_set_padding(&enc_ctx, 0);
> EVP_DecryptInit_ex(&dec_ctx,
25 matches