
All,
On 11/20/18 13:46, Christopher Schultz wrote:
> All,
> 
> I'd like a sanity-check on something I've done for the
> EncryptInterceptor.
> 
> I'm using CBC mode because any other mode makes no sense. Using
> ECB mode isn't evasive enough and the more elaborate ones require
> that both sides (encrypt/decrypt) agree on the IVs being used.
> Setting both encryption key /and/ IV for the interceptor isn't
> convenient and is likely to cause people to make stupid decisions.
> 
> So I'm using a random IV and using the IV as the first block being 
> sent from any sender to the receivers. This prevents
> known-ciphertext analysis if the attacker can see the encrypted
> stream: the IV is random so it's difficult to learn anything from
> the encrypted stream.
> 
> However, after a single message is sent, the Cipher object is
> returned to its original state and the same IV is used over and
> over again. Key + IV should generally not be re-used together.
> 
> Right now, the encrypted message looks like this:
> 
> block_encrypt(IV) + block_encrypt(message_block[0]) + 
> block_encrypt(message_block[1]) ...
> 
> Encrypting the IV allows the receiver to get an initial encrypted 
> block that it doesn't care about. It discards the block and then 
> message_block[0] can be decrypted with the correct IV (computed
> from the previous ciphertext block, NOT the previous plaintext
> block -- that's how CBC works) and so on.
> 
> But the IV re-use is bothering me. I think we should change it to:
> 
> IV + block_encrypt(message_block[0]) +
> block_encrypt(message_block[1]) ...
> 
> The sender will need to generate a new IV *for every message*.
> 
> Then the receiver instead of ignoring the first block will read it
> as an IV which is used to seed the decryption cipher.
> 
> I believe this will improve the security of the messages being
> sent, but I'd prefer a few second-opinions.

An alternative is to send a nonce as the first block, rather than
sending the IV itself. This may yield better performance than
re-initializing the Cipher object each time with a new IV.

- -chris
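The scheme proposed above (a fresh random IV per message, sent in the clear as the first block and read back by the receiver) as an added, self-contained Java example. This is not the EncryptInterceptor's own code; it uses the JCE `Cipher` API directly with AES/CBC/PKCS5Padding, and the class name, helper names and the sample message are constructed for illustration. The `encryptFixedIv` helper reproduces the re-used key+IV behaviour described in the thread purely to show its observable weakness: two encryptions of the same plaintext are byte-for-byte identical, which leaks message equality to anyone watching the stream.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Constructed example: CBC with a fresh per-message IV prepended to the ciphertext.
public class CbcFreshIvDemo {
    private static final String TRANSFORM = "AES/CBC/PKCS5Padding";
    private static final int BLOCK_SIZE = 16;
    private static final SecureRandom RNG = new SecureRandom();

    // Sender: generate a new IV for every message, re-init the Cipher with it,
    // and transmit IV || ciphertext. The IV itself is not secret, only unique.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[BLOCK_SIZE];
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[BLOCK_SIZE + ct.length];
        System.arraycopy(iv, 0, out, 0, BLOCK_SIZE);
        System.arraycopy(ct, 0, out, BLOCK_SIZE, ct.length);
        return out;
    }

    // Receiver: the first block is the IV, not a throw-away ciphertext block,
    // so it seeds the decryption cipher and the remainder is decrypted normally.
    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        // IV plus at least one padded ciphertext block is the minimum valid length
        if (message.length < 2 * BLOCK_SIZE) {
            throw new IllegalArgumentException("message too short to contain IV and a block");
        }
        IvParameterSpec iv = new IvParameterSpec(message, 0, BLOCK_SIZE);
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, key, iv);
        return cipher.doFinal(message, BLOCK_SIZE, message.length - BLOCK_SIZE);
    }

    // The re-used key+IV behaviour from the thread, kept only to demonstrate the defect.
    static byte[] encryptFixedIv(SecretKey key, byte[] fixedIv, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(fixedIv));
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] msg = "constructed sample heartbeat".getBytes(StandardCharsets.UTF_8);

        // Re-used IV: identical plaintexts give identical ciphertexts (equality leaks).
        byte[] fixedIv = new byte[BLOCK_SIZE];
        RNG.nextBytes(fixedIv);
        byte[] a = encryptFixedIv(key, fixedIv, msg);
        byte[] b = encryptFixedIv(key, fixedIv, msg);
        System.out.println("fixed IV, repeated ciphertext: " + Arrays.equals(a, b));

        // Fresh IV per message: same plaintext, different ciphertext, still decryptable.
        byte[] c = encrypt(key, msg);
        byte[] d = encrypt(key, msg);
        System.out.println("fresh IV, repeated ciphertext:  " + Arrays.equals(c, d));
        System.out.println("round trip matches plaintext:  " + Arrays.equals(msg, decrypt(key, c)));
    }
}
```

The receiver-side length check matters in practice: a truncated or malformed frame must be rejected before the IV is sliced out, otherwise the decrypt path throws an index error rather than a clean validation failure. Note that CBC with a random IV gives confidentiality only; it does not detect tampering with the stream, so any integrity requirement has to be met separately.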
