All,
On 11/20/18 13:46, Christopher Schultz wrote:
> All,
>
> I'd like a sanity-check on something I've done for the
> EncryptInterceptor.
>
> I'm using CBC mode because any other mode makes no sense. Using
> ECB mode isn't evasive enough and the more elaborate ones require
> that both sides (encrypt/decrypt) agree on the IVs being used.
> Setting both encryption key /and/ IV for the interceptor isn't
> convenient and is likely to cause people to make stupid decisions.
>
> So I'm using a random IV and using the IV as the first block being
> sent from any sender to the receivers. This prevents
> known-ciphertext analysis if the attacker can see the encrypted
> stream: the IV is random so it's difficult to learn anything from
> the encrypted stream.
>
> However, after a single message is sent, the Cipher object is
> returned to its original state and the same IV is used over and
> over again. Key + IV should generally not be re-used together.
>
> Right now, the encrypted message looks like this:
>
> block_encrypt(IV) + block_encrypt(message_block[0]) +
> block_encrypt(message_block[1]) ...
>
> Encrypting the IV allows the receiver to get an initial encrypted
> block that it doesn't care about. It discards the block and then
> message_block[0] can be decrypted with the correct IV (computed
> from the previous ciphertext block, NOT the previous plaintext
> block -- that's how CBC works) and so on.
>
> But the IV re-use is bothering me. I think we should change it to:
>
> IV + block_encrypt(message_block[0]) +
> block_encrypt(message_block[1]) ...
>
> The sender will need to generate a new IV *for every message*.
>
> Then the receiver instead of ignoring the first block will read it
> as an IV which is used to seed the decryption cipher.
>
> I believe this will improve the security of the messages being
> sent, but I'd prefer a few second-opinions.

An alternative is to send a nonce as the first block, rather than
sending the IV itself.
This may yield better performance than re-initializing the Cipher
object each time with a new IV.

-chris
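The three framings discussed in this thread side by side, as an added example that is not Tomcat's EncryptInterceptor code: layout A is the current format (long-lived Cipher with a fixed IV, reset by doFinal(), IV fed in as the first plaintext block so the receiver discards the first decrypted block), layout B is the proposed fresh-IV-per-message format with the IV sent in the clear, and layout C is the reply's alternative of prepending a random nonce block while keeping the fixed IV and the long-lived Cipher. AES/CBC/PKCS5Padding, the 16-byte block size, the class name and the two sample messages are assumptions of this example. A passive observer sees that under layout A two messages with a common first block share their first two ciphertext blocks; under B and C they share none, and all three still round-trip.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not EncryptInterceptor code. Transformation and block size are assumptions.
public class CbcFramingDemo {
    static final int BLOCK = 16;
    static final String TRANSFORM = "AES/CBC/PKCS5Padding";
    static final SecureRandom RNG = new SecureRandom();

    // Layout A (current): fixed IV, Cipher reset by doFinal(), IV sent as first plaintext block.
    static byte[] encryptA(Cipher enc, byte[] fixedIv, byte[] msg) throws Exception {
        return enc.doFinal(concat(fixedIv, msg));
    }
    // Receiver for A and C: decrypt the whole frame, throw away the first block.
    static byte[] decryptDiscardFirst(Cipher dec, byte[] ct) throws Exception {
        byte[] pt = dec.doFinal(ct);
        return Arrays.copyOfRange(pt, BLOCK, pt.length);
    }

    // Layout B (proposal): fresh random IV per message, sent in the clear ahead of the
    // ciphertext; the receiver seeds a Cipher with it.
    static byte[] encryptB(SecretKeySpec key, byte[] msg) throws Exception {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        Cipher enc = Cipher.getInstance(TRANSFORM);
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return concat(iv, enc.doFinal(msg));
    }
    static byte[] decryptB(SecretKeySpec key, byte[] framed) throws Exception {
        Cipher dec = Cipher.getInstance(TRANSFORM);
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(framed, 0, BLOCK));
        return dec.doFinal(framed, BLOCK, framed.length - BLOCK);
    }

    // Layout C (reply's alternative): keep the fixed IV and the long-lived Cipher, prepend a
    // random nonce block. Its ciphertext becomes the effective IV for message_block[0].
    static byte[] encryptC(Cipher enc, byte[] msg) throws Exception {
        byte[] nonce = new byte[BLOCK];
        RNG.nextBytes(nonce);
        return enc.doFinal(concat(nonce, msg));
    }

    // Leading 16-byte ciphertext blocks two frames have in common: what an observer sees.
    static int sharedLeadingBlocks(byte[] x, byte[] y) {
        int n = 0;
        while ((n + 1) * BLOCK <= Math.min(x.length, y.length)
                && Arrays.equals(Arrays.copyOfRange(x, n * BLOCK, (n + 1) * BLOCK),
                                 Arrays.copyOfRange(y, n * BLOCK, (n + 1) * BLOCK))) {
            n++;
        }
        return n;
    }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] out = Arrays.copyOf(a, a.length + b.length);
        System.arraycopy(b, 0, out, a.length, b.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] keyBytes = new byte[16];
        RNG.nextBytes(keyBytes);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        byte[] fixedIv = new byte[BLOCK];
        RNG.nextBytes(fixedIv);
        Cipher enc = Cipher.getInstance(TRANSFORM);
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(fixedIv));
        Cipher dec = Cipher.getInstance(TRANSFORM);
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(fixedIv));

        // Constructed sample: two cluster messages that share their first 16 bytes.
        byte[] m1 = "heartbeat node-1 status=OK".getBytes(StandardCharsets.US_ASCII);
        byte[] m2 = "heartbeat node-1 status=FAILED".getBytes(StandardCharsets.US_ASCII);

        byte[] a1 = encryptA(enc, fixedIv, m1), a2 = encryptA(enc, fixedIv, m2);
        byte[] b1 = encryptB(key, m1),          b2 = encryptB(key, m2);
        byte[] c1 = encryptC(enc, m1),          c2 = encryptC(enc, m2);

        // A: first two blocks equal (E(IV xor IV), then E(M[0] xor that)); B and C: none.
        System.out.println("A shared leading blocks: " + sharedLeadingBlocks(a1, a2));
        System.out.println("B shared leading blocks: " + sharedLeadingBlocks(b1, b2));
        System.out.println("C shared leading blocks: " + sharedLeadingBlocks(c1, c2));
        System.out.println("round trips: " + Arrays.equals(m1, decryptDiscardFirst(dec, a1))
                + " " + Arrays.equals(m1, decryptB(key, b1))
                + " " + Arrays.equals(m1, decryptDiscardFirst(dec, c1)));
    }
}
```

Layout C gets its per-message randomness from the nonce block rather than from a new IvParameterSpec, which is why it needs no Cipher re-initialization on either side; the receiver's handling is byte-for-byte the same as for layout A. Note that none of the three layouts authenticates the frame, so a receiver still accepts modified ciphertext; that is a separate question from the IV reuse discussed above.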