ways of transforming a block cipher to a stream cipher, enabling repeated use without changing the key.
3
votes
3 answers
159 views
AES - plaintext is smaller than 128 bit - how to expand?
We are currently developing a little AES implementation in a crypto-course at university.
As far as I know, AES uses 128 bit blocklength, so all data that will be encrypted will get split up into ...
0
votes
2 answers
88 views
Do I need to know the “mode of operation” to decrypt a message encrypted with a block cipher?
If I have received an AES encrypted message, and if I do know the key with which it was encrypted, do I also need to know the mode of operation with which it was encrypted in order to decrypt it? My ...
2
votes
0 answers
93 views
Single-purpose symmetric encryption scheme for single files
I'm writing a simple password manager program that will encrypt/decrypt a single file (its size will most likely stay under a few K). This is my initial file format design:
...
1
vote
1 answer
80 views
Partial decryption of large file in AES-GCM (or other modes)?
Let's assume
a 4gig file that is internally made of 1 million pages of 4k bytes each (page).
the file was originally AES-GCM encrypted
these pages (or entire file) live across the internet i.e. ...
0
votes
1 answer
95 views
Is there an efficient way to hide the encrypted plaintext length with a block cipher?
In block cipher modes of operation for encryption on input of a plaintext of $N$ blocks (We assume that the input size is always a multiple of the blockcipher mode: $N·16$ bytes) the size of the ...
6
votes
3 answers
442 views
Is this encryption algorithm built from MD5 secure?
I'm being asked to use an encryption algorithm in my code, and besides the fact that I'm sure there will be implementation faults that lead to vulnerabilities, I also have concerns about the algorithm ...
0
votes
2 answers
126 views
Why does nobody consider counter re-keying as a standard Block Cipher Mode?
One of the simplest possible cipher modes is setting each successive key as a function F of the previous one.
K[0] = Master key
C[i] = E(K[i],P[i]), K[i]=F(K[i-1])
This is similar to the counter ...
1
vote
1 answer
80 views
Symmetric encryption mode where ciphertext size is plain text size
I've had many questions on Stack Overflow on how to minimize the output of a cipher - during encryption of course - to the same size as the input. Obviously this is possible for a single block of ...
3
votes
1 answer
307 views
Compare Blockmode CBC (with diffuser) against XTS
I have some problems in understanding the "advantage" of AES-XTS compared to CBC with diffuser.
I read something about FileVault, in this paper they mention the two modes of operations XTS and CBC ...
1
vote
2 answers
106 views
What cipher mode is suitable for independently decryptable short messages?
I'm building a small VoIP client which transmits encrypted audio data via UDP, and some packet loss is expected, so each packet will need to be decrypted separately even if others in the stream don't ...
4
votes
2 answers
125 views
Will varying plaintext compensate for a fixed initialisation vector?
This is a follow-up question to Relative merits of AES ECB and CBC modes for securing data at rest.
I need to store encrypted Personal Account Numbers (PANs) in a database. The only encryption option ...
4
votes
5 answers
305 views
Using CBC with a fixed IV and a random first plaintext block
What if, instead of using CBC mode in the normal way with a random IV, I used this approach:
Use a fixed IV (like a block of 0's).
Before encrypting, generate a random block and prepend it to the ...
2
votes
1 answer
161 views
Why doesn't CTR mode require blocking?
I've been reading a bit about block cipher modes and I have a relatively straightforward question regarding CTR. In essence, I was hoping you guys would be kind enough to validate my understanding of ...
2
votes
1 answer
308 views
Why, or when, to use an Initialization Vector?
I'm trying to figure out when an Initialization Vector (IV) should be used.
There are anecdotal reports that WEP was broken because of weak IVs. It's also claimed that if two pieces of plaintext are ...
1
vote
2 answers
400 views
Is AES in CBC mode secure if a known and/or fixed IV is used?
I have a need to encrypt credentials for a third-party app used by a secured internal app. Over on ITSec.SE, I was helpfully shown a scheme to encrypt the third-party credentials based on a hash of ...
1
vote
2 answers
236 views
Difference in one time key and one time pad and many time key
These terms are confusing me. One time pad is when you use one key for one message. That is what One time key is.
Secondly, what is the connection of many time key, can I use one time pad many ...
6
votes
2 answers
460 views
Is using a predictable IV with CFB mode safe or not?
While writing this answer, I noted that NIST SP 800-38A says that (emphasis mine):
"For the CBC and CFB modes, the IVs must be unpredictable. In particular, for any given plaintext, it must not be ...
3
votes
4 answers
274 views
Which block cipher modes of operation allow a predictable IV?
Recently I found out that in the modes CBC and PCBC the IV may be passed in cleartext but must never be predictable. However for this part of my app I'd rather have the IV be predictable and unique ...
-4
votes
1 answer
87 views
idea of new mode of operation might be secure [closed]
have a mode of operation that might increase security and make the ciphertext more random.
You can have the plaintext divided into blocks and have each block pass through the initialization vector a ...
1
vote
2 answers
541 views
Replay attack in ECB mode
How do replay attacks work in ECB mode?
I found this in Wikipedia:
"ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets ...
6
votes
1 answer
94 views
Abstracting primitives and modes of operation
I am developing a symmetric crypto library and have reached a roadblock. Looking at block ciphers, it is quite obvious that all block ciphers are trivially abstractable as a simple primitive ...
3
votes
3 answers
398 views
Why does CBC decryption with a wrong IV still give readable results?
While developing some code that uses the .NET AesManaged algorithm, I made some mistakes but was surprised at the results.
My encryption was correct. I was generating a random IV block and writing ...
0
votes
1 answer
186 views
File Encryption/Decryption in ECB mode [duplicate]
Possible Duplicate:
Removing Padded Value in Decrypted Message
I tried to encrypt and decrypt a file in ECB mode using AES Algorithm but I encountered one problem during decryption, I don't ...
1
vote
4 answers
389 views
Is my pseudo-random initialization vector secure?
How can I know if I am generating a secure pseudorandom initialization vector?
Currently I am planning to generate a pseudo-random initialization Vector using current date and time - is this secure ...
4
votes
3 answers
403 views
Encryption with “constant” initialization vector considered harmful
I try to get the full reasoning behind the above statement. First, after reading articles here and at Wikipedia I understand that using an IV only once is good practice.
For stream ciphers not doing ...
5
votes
1 answer
376 views
How can disk encryption systems (like Truecrypt) resist frequency analysis when they allow random access?
I don't understand how disk encryption (e.g. TrueCrypt) is supposed to resist frequency analysis.
If blocks can be randomly accessed (which they can), doesn't that mean that frequency-domain ...
1
vote
3 answers
422 views
Which attacks can be avoided by the use of OFB instead of ECB?
For a file encryption program, I was told to use Output Feedback mode (OFB) instead of ECB (Electronic code book) mode.
Which attacks can I avoid by this choice?
1
vote
2 answers
237 views
Complexity of ECB and OFB
What is the complexity of ECB in terms of time and memory?
And also of OFB? I can't find it on the internet, so I decided to ask it here.
2
votes
1 answer
250 views
How does Output Feedback mode use the initialization vector?
How can I process Initialization Vector inside the Block Cipher Encryption box (using for example AES) together with the Key?
Will I encrypt the Initialization Vector like a block of plaintext?
So ...
1
vote
1 answer
849 views
Cipher Feedback Mode
I can't understand what CFB really is. It said in Wikipedia that CFB is the same as CBC, but I find that CFB is more difficult than CBC.
Can someone explain to me how CFB works. Such as how ...
-3
votes
1 answer
415 views
Advantages of each encryption mode [closed]
What are the advantages of each encryption mode over other encryption modes?
For example, what are the advantages of CBC over PCBC, CBC over CFB,
just like that,
so that I can filter what would be the best ...
4
votes
1 answer
407 views
Deterministic nonces in CTR mode
I want to encrypt a file with AES in CTR mode. I have a 256 bit master key and the file. Given these, the encryption must be deterministic, so I can't use a random nonce in the usual way. Fortunately ...
2
votes
1 answer
88 views
What “Tag Length” should be used for the EAX MAC?
Since EAX is very flexible with regard to the length of the calculated MAC (what they call "tag" is the MAC value right?), and the EAX paper as well as other documentations carefully avoid suggesting ...
2
votes
1 answer
546 views
What is the difference between CBC and GCM mode?
I am trying to learn more about GCM mode and how it differs from CBC. I already know that GCM provides a MAC which is used for message authentication. From what I have read, and seen code ...
4
votes
3 answers
385 views
CBC - a canonical mode, even though there are streaming modes
Why is CBC considered the canonical mode when there are streaming modes available such as CFB and OFB? One thing that I can think of is that in CBC you can easily do range-based decryption. All you ...
2
votes
3 answers
1k views
Which one of the Block Cipher modes is the best?
I have two questions regarding the Block Cipher Modes:
First: Which one of the modes is considered the best?
I know CBC has a problem of IV since the next block of the plain text is XORed with the ...
3
votes
1 answer
509 views
Why not use CTR with a randomized IV?
I'm currently reading the chapter of Cryptographic Engineering (Ferguson, Schneier, Kohno 2010) about block cipher modes of operation. They have recommended CBC with random IV instead of CTR due to ...
3
votes
1 answer
183 views
Undecrypt using the OpenSSL EVP API?
I'm writing a client-server encryption scheme for homework, and I've stumbled upon what might be a fatal blow to my current implementation.
When using AES-256-CBC on the two sides, it's important ...
3
votes
1 answer
167 views
OCB - brute force against unknown IV
I read that brute force attacks against a plaintext encrypted in OCB with unknown key and IV have approximately the same complexity as an attack where only the key is unknown.
Why is that?
Is there a ...
3
votes
1 answer
710 views
Does AES-CTR require an IV for any purpose other than distinguishing identical inputs?
I'd like to encrypt files deterministically, such that any users encrypting the same plaintext will use the same key and end up with the same ciphertext. The ciphertext should be private as long as ...
2
votes
2 answers
201 views
Does this block cipher mode allow for decryption?
Is there a way for someone (with the key) to decrypt a message encrypted with the cipher mode shown?
$$ P_0 = IV $$
$$ C_i = P_{i-1} \oplus E_K(P_i) \oplus P_i $$
4
votes
2 answers
203 views
Is it safe to store initial counter value for AES-CTR alongside with ciphertext?
The initial counter value can actually be thought of as a sort of IV, which I assume is safe to transmit with the ciphertext, but I really want to be sure that this is indeed safe.
7
votes
3 answers
495 views
Using a Non-Random IV with modes other than CBC
The weakness CWE-329 is an interesting problem with CBC mode. However, does this same weakness affect the other modes of operation that rely upon an IV such as: PCBC, CFB and OFB? My gut feeling is, ...
7
votes
1 answer
1k views
Can CBC ciphertext be decrypted if the key is known, but the IV not?
Let's say that there is a binary file encrypted with AES in CBC mode (i.e. using a key and initialization vector). If key is known, but IV is not, is it easy to fully decrypt the file?
How hard is ...
5
votes
2 answers
830 views
Why do we need special key-wrap algorithms?
Wikipedia says:
Key Wrap constructions are a class of symmetric encryption algorithms designed to
encapsulate (encrypt) cryptographic key material.
We are using these algorithms to encrypt ...
2
votes
2 answers
183 views
How can I encrypt more than 64 bit with the Data Encryption Standard?
The Data Encryption Algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key.
If my data is more than 64 bits, (suppose 66 or 67 bits), will ...
12
votes
3 answers
785 views
Is the CBC weakness in XML Encryption a new discovery? Are other applications vulnerable?
The RUB in Germany reports that XML encryption is broken. This is essentially the W3C standard for protecting XML documents from prying eyes.
Does this mean that an attacker can only see a single ...
7
votes
2 answers
2k views
AES in ECB mode weakness
In a project that I'm currently working on, we are encrypting some data using AES with ECB mode in a database. Each piece of data being encrypted is very small, no more than 10 characters long.
Very ...
8
votes
1 answer
389 views
Why choose an authenticated encryption mode instead of a separate MAC?
What are cryptographic reasons to choose an authenticated-encryption mode of operation (such as GCM) over a traditional encryption mode plus an independent MAC, or vice versa?
Assume there is no ...
10
votes
3 answers
531 views
Is CBC really dead?
I developed a p2p-app in C# which sends and receives encrypted text messages (50KB). For encryption, my app uses AES 128 bit in CBC cipher mode. For each message it uses a new randomly-generated IV.
...