All,
I'd like a sanity-check on something I've done for the EncryptInterceptor.

I'm using CBC mode because any other mode makes no sense. Using ECB mode isn't evasive enough and the more elaborate ones require that both sides (encrypt/decrypt) agree on the IVs being used. Setting both encryption key /and/ IV for the interceptor isn't convenient and is likely to cause people to make stupid decisions.

So I'm using a random IV and using the IV as the first block being sent from any sender to the receivers. This prevents known-ciphertext analysis if the attacker can see the encrypted stream: the IV is random so it's difficult to learn anything from the encrypted stream.

However, after a single message is sent, the Cipher object is returned to its original state and the same IV is used over and over again. Key + IV should generally not be re-used together.

Right now, the encrypted message looks like this:

  block_encrypt(IV) + block_encrypt(message_block[0]) + block_encrypt(message_block[1]) ...

Encrypting the IV allows the receiver to get an initial encrypted block that it doesn't care about. It discards the block and then message_block[0] can be decrypted with the correct IV (computed from the previous ciphertext block, NOT the previous plaintext block -- that's how CBC works) and so on.

But the IV re-use is bothering me. I think we should change it to:

  IV + block_encrypt(message_block[0]) + block_encrypt(message_block[1]) ...

The sender will need to generate a new IV *for every message*. Then the receiver, instead of ignoring the first block, will read it as an IV which is used to seed the decryption cipher.

I believe this will improve the security of the messages being sent, but I'd prefer a few second-opinions.

There is also the problem of replay-attacks.
The only way I can think of to solve the problem of a replay attack is to serial-number each message and have receivers reject any message with a serial-number which is equal to or less than the last message it received. I don't know enough about Tribes to know if that kind of thing is already present in the stack, so I'm not going to try to solve that particular problem right now.

Suggestions are welcome.

Thanks,
-chris
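The two message layouts and the serial-number check discussed in the mail above, as an added example that is not part of the original mail or of the Tomcat/Tribes code base. It assumes AES-256 in CBC mode with PKCS#7 padding, a constructed demonstration key (`demoKey`), an 8-byte big-endian serial number placed at the front of the plaintext, and a receiver whose counter starts at 0 so that senders start at 1; `cbcEncrypt`, `Seal`, `Receiver` and `Open` are names chosen for this example, not the interceptor's API. `cbcEncrypt` with a fixed IV stands in for the old layout, and the `main` shows the property the mail worries about: under a reused IV, two messages whose first plaintext block is identical produce an identical first ciphertext block.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Constructed demo key (32 bytes = AES-256); not a key from the Tomcat code.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// PKCS#7 padding so the body is a whole number of AES blocks.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt is plain CBC with a caller-supplied IV; reused for every message, it is the old layout.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	body := pkcs7Pad(plaintext)
	out := make([]byte, len(body))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, body)
	return out, nil
}

// Seal is the proposed layout: fresh random IV || CBC(seq || plaintext), seq being an 8-byte serial number.
func Seal(key []byte, seq uint64, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	body := make([]byte, 8, 8+len(plaintext))
	binary.BigEndian.PutUint64(body, seq)
	ct, err := cbcEncrypt(key, iv, append(body, plaintext...))
	if err != nil {
		return nil, err
	}
	return append(iv, ct...), nil
}

// Receiver keeps the highest serial number accepted so far (senders start at 1).
type Receiver struct {
	Key     []byte
	LastSeq uint64
}

// Open reads the first block as the IV, decrypts the rest with it, and rejects seq <= LastSeq.
func (r *Receiver) Open(msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize || len(msg)%aes.BlockSize != 0 {
		return nil, errors.New("message too short or not block-aligned")
	}
	block, err := aes.NewCipher(r.Key)
	if err != nil {
		return nil, err
	}
	body := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, msg[:aes.BlockSize]).CryptBlocks(body, msg[aes.BlockSize:])
	if body, err = pkcs7Unpad(body); err != nil {
		return nil, err
	}
	if len(body) < 8 {
		return nil, errors.New("missing serial number")
	}
	seq := binary.BigEndian.Uint64(body[:8])
	if seq <= r.LastSeq {
		return nil, fmt.Errorf("replay: seq %d <= last accepted %d", seq, r.LastSeq)
	}
	r.LastSeq = seq
	return body[8:], nil
}

func main() {
	fixedIV := bytes.Repeat([]byte{0x42}, aes.BlockSize) // old layout: the same IV every time
	a, _ := cbcEncrypt(demoKey, fixedIV, []byte("HEARTBEAT node-1 payload A"))
	b, _ := cbcEncrypt(demoKey, fixedIV, []byte("HEARTBEAT node-1 payload B"))
	fmt.Println("reused IV, first ciphertext blocks equal:", bytes.Equal(a[:16], b[:16]))
	rx := &Receiver{Key: demoKey}
	m1, _ := Seal(demoKey, 1, []byte("HEARTBEAT node-1 payload A"))
	rx.Open(m1)           // first delivery is accepted
	_, err := rx.Open(m1) // the same bytes again are rejected
	fmt.Println("replayed message rejected:", err)
}
```

Two caveats the layout above leaves open, both general properties of the scheme rather than findings about the interceptor: CBC on its own authenticates nothing, so a receiver cannot tell a message altered in transit from a genuine one, and the serial number it reads out of the decrypted body has the same status; and one monotonically increasing counter per receiver only works with a single sender, so a group with several senders needs a counter per sender.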