cryptography - Use of Initialization Vector in DES -


say have encrypt data using des (or triple des). if iv used 8 bytes, set '0' (ie. iv constant byte[], set 0x00), okay? or same using no iv in first place?

it no good. hard-coded iv means same plain text encrypt same cipher text. iv intended prevent. if use mode allows iv @ all, approach randomly generate iv, use in encryption on blocks of plain text want encrypt, , prepend iv unencrypted cipher text.

many people worry "won't would-be attacker see iv then?" answer yes, doesn't matter. key needs secret. iv not need secret enhance security of encryption dramatically. does, however, need random.

note not enough thwart active attacker. enough thwart passive eavesdropper.

edit: ok, explain why won't stop active attacker best recall attack. explanation, consider cipher block chaining (cbc) because commonly used. you'll have extrapolate explanation other modes. cipher block chaining xors first block of message iv , encrypts block happen under ecb mode. output of encryption cipher text block 1, xored message block 2 before block encrypted. output xored block after way end.

now decrypt, decrypt first block of cipher text in ecb mode, , xor same iv used on encrypt. yields plain text because in total encrypted , decrypted , xored iv twice, , these 2 xors cancel 1 out. take cipher text block 1 (not plain text, mind you) , after decrypting block 2, xor output preceding cipher text block.

ok, briefly review how cbc works. round trip message cipher text message block, then, xor-encrypt-decrypt-xor 2 xors cancelling 1 out. let me keep extremely simple , imagine super silly example large amount of money wired account. details arranged except account number, , requested.

so alice sending account number bob, , not lose point of explanation among details, imagine account number 10 decimal digits long , therefore fits in single block of aes few bytes of padding spare. encrypts account number wants send money to: 1234567890, xors output of encryption iv, , sends iv , encrypted account number bob @ bank processing.

except eve operating router between alice , bob. supposing knows alice planning wire money account 1234567890 , making educated guess content of encrypted block, can steal wire.

to this, takes original iv , xors 1234567890. xors result own account number 4564564560. replaces original iv final output and, leaving cipher text block untouched, forwards on bob. bob decrypts block , gets have gotten original cipher text block. except when xors iv, not 1234567890 padding plain text; gets 4564564560. transfers money eve per instructions received (but not ones alice sent).

this same tampering possible longer messages long attacker considers garbled plain text on recipient side acceptable. won't explain why here, should apparent if think can make block x decrypt long can correctly guess original plain text , ok block x-1 decrypting random noise.

using mac (as of well-known protocols such ssl, tls, ipsec do) 1 way shore vulnerability of raw cbc attack. it's recommended use 1 of protocols unless there reason cannot so.


Comments

Post a Comment

Popular posts from this blog

html - Outlook 2010 Anchor (url/address/link) -

i'm trying link specific pdf page msoutlook'10 or msword'10, #page=... anchor particularly useful , works fine elsewhere. unfortunately when click [ctr-k] in outlook or winword, links re-formatted assuming unc path. pdf file located on shared drive. using "file:" prefix links open pdf in adobe reader (outside of browser), , "http:" open inside browser. issue seem need open in browser "file:" prefix in order anchor work. know anchors work inside browser. outlook uses windows/explorer default program (based on file extension) seems open in adobe reader neglecting anchor. is aware of solution, link specific page or bookmark of shared-pdf ms outlook and/or winword link? common references: mailermailer.com/...anchor-tags-html-emails campaignmonitor.com/...anchor-links-in-email-newsletters/ stackoverflow.com/...anchor-in-pdf-document
Read more

javascript - Why does running this loop 9 times take 100x longer than running it 8 times? -

consider code: test = function() { } t = new test(); (var = 0; < 8; i++) { result = t instanceof test; } if change number of iterations 8 9 , loop take 100 times longer complete in latest version of firefox (41.0.1). tested on 2 different pcs , magic limit 8. here jsperf test used: http://jsperf.com/instanceof-8-times-vs-9-times does have idea why might happen? seems specific instanceof . not happen if else object, example check property. note: filed bugzilla bug this. jan de mooij mozilla team has posted details in bugzilla thread . here's simplistic interpretation of highly technical answers: in i < 8 case, firefox smart enough hoist result = t instanceof test; statement out of loop (according tests, doesn't seem omit altogether). in i < 9 case, apparently doesn't optimization . why? reason not clear, related fact 9 iterations threshold above function considered "hot" enough run through jit compiler. i < 8 cas...
Read more

Getting gateway time-out Rails app with Nginx + Puma running on Digital Ocean -

following this guide setup app on digital ocean droplet, not working. site not loading , it's throwing: "gateway time-out". the puma server works, since ps aux | grep puma prints: root 15878 0.0 0.4 376832 2168 ? sl 12:50 0:00 puma 2.13.4 (unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock) [20150930164940] root 15881 0.0 0.7 903676 3692 ? sl 12:50 0:06 puma: cluster worker 0: 15878 [20150930164940] root 24654 0.0 0.1 11748 916 pts/2 s+ 18:00 0:00 grep --color=auto puma my nginx config: user root; worker_processes 1; events { worker_connections 1024; } http { upstream puma { server unix:///var/www/myapp/shared/tmp/sockets/myapp-puma.sock; } server { listen 80; server_name myapp.com; root /var/www/myapp/current/public; access_log /var/www/myapp/current/log/access.log; error_log /...
Read more