AES (or Advanced Encryption Standard), a symmetric block cipher with a 128-bit block size and key sizes of 128, 192 or 256 bits.
1 vote, 1 answer, 54 views
Where is the S-box generated in Rijndael/AES?
It's rather a lame kind of question, and I can't find a good and clear explanation:
In which step of Rijndael is the S-box generated?
Is the S-box reused in every round of cipher or is generated in every ...
2 votes, 1 answer, 79 views
What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?
As you know in the past few weeks it has emerged that NIST/NSA have been involved in weakening encryption standards over a long period of time so that they can retain the ability to break encryption ...
0 votes, 1 answer, 45 views
Reusing keys with AES-CBC
I heard that key/IV pairs must not be reused in AES-CTR, or when using any stream cipher for that matter. Yet the attacks described do not seem to apply to AES-CBC.
Is reusing the same key several ...
2 votes, 1 answer, 89 views
Is it safe to use GZIP to avoid padding related attacks
I am designing a library that supports encrypting some in-memory data using AES in CBC mode. Now I need a padding but it seemed to me that Apple's CommonCrypto library and OpenSSL have different ...
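Added example for the padding question above (editor's Python, not code from the question or from any answer on this page): PKCS#7 padding for a 16-byte block, which is the scheme both OpenSSL's default EVP padding and CommonCrypto's kCCOptionPKCS7Padding produce; "PKCS#5 padding" is the same rule, named for 8-byte blocks. The unpad routine rejects anything that is not well-formed padding rather than trusting the last byte.

```python
# Added example (editor's code): PKCS#7 padding for a block cipher in CBC mode.
BLOCK = 16


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes each of value n, with 1 <= n <= block.  When len(data) is already
    a multiple of the block size a whole block of padding is added, so the receiver can
    always strip it unambiguously."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strip PKCS#7 padding, raising ValueError on anything that is not valid padding:
    wrong total length, pad byte 0, pad byte larger than the block, or trailing bytes
    that do not all equal the pad length."""
    if not data or len(data) % block:
        raise ValueError("input is not a whole number of blocks")
    n = data[-1]
    if n < 1 or n > block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def roundtrip(data: bytes) -> bool:
    """Pad then unpad and check that the original bytes come back."""
    padded = pkcs7_pad(data)
    return len(padded) % BLOCK == 0 and pkcs7_unpad(padded) == data


if __name__ == "__main__":
    for sample in (b"", b"abc", b"a" * 16, b"a" * 17):
        print(len(sample), "bytes ->", len(pkcs7_pad(sample)), "bytes padded; roundtrip ok:", roundtrip(sample))
```

The distinguishable "bad padding" error is exactly the padding oracle on CBC without authentication: verify a MAC over the ciphertext (or use an AEAD mode) before unpadding, and never surface the padding error to a remote party.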
4 votes, 2 answers, 193 views
Why is AES considered to be secure?
The security of RSA is based on the integer factorization problem, which is a very well defined and understood mathematical problem. This problem must be solved in order to fundamentally break RSA.
...
0 votes, 0 answers, 46 views
Implementation of AES-XTS mode in C or C++
Does anyone know of a C or C++ encryption library that implements the XTS mode of AES? The crypto libraries that I am familiar with are:
Crypto++
PolarSSL
OpenSSL
None of these implement XTS ...
3 votes, 1 answer, 78 views
How to choose keys for a block cipher?
AES and DES are block ciphers. Mathematically, it's the mapping from plaintext space to ciphertext space using the keys, i.e. $\{0,1\}^k \times \{0,1\}^l \longrightarrow \{0,1\}^l$
I know that these ...
0 votes, 1 answer, 88 views
Proper way of doing encryption and authentication (PBKDF2 + AES)
I'm currently in the planning phase of an authentication and storage-ish service.
The client needs a file ("ENCFILE") which he will work with. This file will be encrypted with AES256, and stored on ...
0 votes, 0 answers, 31 views
one-time key, zero IV in stream cipher (e.g. AES-CTR) [duplicate]
Say I am using a random key to construct a stream cipher with, say, AES in CTR mode, which will never be used to encrypt more than one data stream. Is there any advantage, no matter how small, to ...
1 vote, 1 answer, 92 views
AES with different modes of operation
I'm taking a cryptography class and this is for an assignment. We're asked to find the differences between AES/RSA in the different modes of operation vs the one-time pad method.
From wiki, I can ...
0 votes, 2 answers, 110 views
Combining multiple symmetric encryption algorithms - implications?
I was just wondering if I add more security by combining two or more symmetric encryptions on a plain text.
For Example:
Plaintext -> AES -> Twofish -> Serpent
Of course a different key and IV ...
3 votes, 1 answer, 126 views
Can the AES encryption and decryption algorithms be described as a polynomial for a specific key?
AES is a block cipher that consists of non-linear and linear parts to provide the Shannon requirements of confusion and diffusion respectively. The linear parts can for sure be described as a ...
4 votes, 2 answers, 183 views
Camellia or AES - which should I use?
Imagine I am a software developer. I want a block cipher, and I have the choice of using AES or Camellia. Which should I use? Which makes more sense from a technical perspective, and why? I need ...
0 votes, 0 answers, 66 views
How does the BGE attack work?
I'm a student and I'm currently trying to understand the concepts of attacking the WB AES cipher. I've looked in a few sources (I didn't find the original paper by Chow et al.) but none actually show a ...
0 votes, 1 answer, 123 views
What's wrong with my security model - or how can it be attacked?
I'm working on a little personal project where security is very important, and I've thought for a while about the best way to do this. Now I am looking for a little outside help on good practices. The ...
1 vote, 4 answers, 123 views
Initialization vector in symmetric-key encryption
Can we use symmetric-key algorithms without an initialization vector?
I am making an app where both the sender and receiver share a key and there is no way to create an initialization vector for each ...
0 votes, 0 answers, 11 views
Most efficient allocation unit size for an AES-encrypted PenDrive [migrated]
I'm gonna encrypt a PenDrive using AES (with TrueCrypt). What would be the most efficient allocation unit size when formatting?
Since AES block size is 16 KB, would 16 KB be the most efficient? Is ...
0 votes, 2 answers, 68 views
Using the IV buffer, after it is altered inside a Rijndael CBC encryption/decryption process, as the IV for the next message
When sending a block to be decrypted or encrypted, with RijndaelCBC, we input the data to decrypt/encrypt and an IV for syncing and to prevent identical outputs for identical inputs.
*This question ...
6 votes, 3 answers, 133 views
AES CTR with similar IVs and same key
Let's say there is a piece of software that uses AES CTR to encrypt different messages using the same key but with slightly different IVs.
So for example, a 16 byte IV, the 2nd 8 bytes are always the ...
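Added example for the question above, and for the earlier "one-time key, zero IV" question in this list (editor's Python, not code from the questions or from any answer on this page): how CTR keystreams overlap when one key is used with IVs that differ only in the counter half. To keep the snippet dependency-free the block cipher call is replaced by a stand-in keyed function (SHA-256 over key || counter block); that is an assumption of this example, not a recommendation. The overlap is a property of the counter-block layout and would be identical with AES_k(counter block) in its place. The same code shows why a zero IV is fine for a key used exactly once: the attack needs a second message under the same key.

```python
# Added example (editor's code): keystream overlap in CTR mode under one key with
# near-identical IVs.  The block cipher is replaced by a stand-in keyed function so the
# snippet runs with the standard library only.
import hashlib

BLOCK = 16


def block_function(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for AES_k(counter_block).  Any fixed keyed function of the counter block
    shows the same overlap; this one is NOT a cipher and exists only to avoid a dependency."""
    return hashlib.sha256(key + counter_block).digest()[:BLOCK]


def ctr_keystream(key: bytes, iv: bytes, nblocks: int) -> bytes:
    """CTR as most libraries implement it: the 16-byte IV is counter block 0 and is
    incremented as one big-endian 128-bit integer for every further block."""
    counter = int.from_bytes(iv, "big")
    out = b""
    for _ in range(nblocks):
        out += block_function(key, counter.to_bytes(BLOCK, "big"))
        counter = (counter + 1) % (1 << 128)
    return out


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    nblocks = (len(data) + BLOCK - 1) // BLOCK
    return xor(data, ctr_keystream(key, iv, nblocks))


def keystream_overlap(key: bytes, iv1: bytes, iv2: bytes, nblocks: int):
    """Block offset d such that keystream2[0] == keystream1[d] within nblocks, else None."""
    ks1 = ctr_keystream(key, iv1, nblocks)
    ks2 = ctr_keystream(key, iv2, nblocks)
    for d in range(nblocks):
        if ks2[:BLOCK] == ks1[d * BLOCK:(d + 1) * BLOCK]:
            return d
    return None


def recover_block(c1: bytes, c2: bytes, known_p1_block: bytes, d: int) -> bytes:
    """Attacker view: equal keystream blocks mean C1[d] XOR C2[0] = P1[d] XOR P2[0], so
    knowing plaintext block d of message 1 yields plaintext block 0 of message 2, no key needed."""
    c1_block = c1[d * BLOCK:(d + 1) * BLOCK]
    return xor(xor(c1_block, c2[:BLOCK]), known_p1_block)


# Constructed sample data, not from any real system.
KEY = b"\x11" * 16
IV1 = bytes.fromhex("00112233445566770000000000000000")  # 8-byte nonce || 8-byte counter = 0
IV2 = bytes.fromhex("00112233445566770000000000000002")  # same nonce, counter starts at 2
P1 = b"invoice 0001: pay 100 EUR to ACME LTD by Friday."  # 48 bytes = 3 blocks
P2 = b"invoice 0002: pay 999 EUR to EVIL CO."


def demo():
    """Encrypt both messages, locate the overlap, recover P2's first block from P1's third."""
    c1 = ctr_encrypt(KEY, IV1, P1)
    c2 = ctr_encrypt(KEY, IV2, P2)
    d = keystream_overlap(KEY, IV1, IV2, 3)
    recovered = recover_block(c1, c2, P1[d * BLOCK:(d + 1) * BLOCK], d)
    return d, recovered


if __name__ == "__main__":
    d, recovered = demo()
    print("keystream of message 2 starts at block", d, "of message 1")
    print("recovered first block of message 2:", recovered)
```

With IV2 = IV1 + 2 the second message's first keystream block equals the first message's third, so the two ciphertexts leak P1[2] XOR P2[0] directly. IVs that differ in the nonce half (the high 64 bits here) only collide after 2^64 blocks, which is why CTR nonces must be unique per message and the counter half must start where no earlier message under the same key has reached.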
5 votes, 2 answers, 111 views
Multiple iterations of AES for key derivation?
The KeePass password manager uses multiple rounds of AES for its key derivation, as described here. I was somewhat surprised that it wasn't using PBKDF2, bcrypt, or something more common. ...
0 votes, 0 answers, 45 views
How is the key obtained when I login via VPN? [migrated]
So, I configure my VPN (let's say one which uses the PPTP protocol), enter the server name, username and password. Then, I visit a website. Before that, my request is encrypted using AES with some key. That ...
2 votes, 1 answer, 107 views
Multiple parties must encrypt and get the same result
Hopefully this question is not too simple - I did some research but with encryption I really don't want to make a mistake.
Our scenario is that multiple groups need to encrypt a number and arrive at ...
0 votes, 1 answer, 76 views
Is the salt value a secret or can it be stored in cleartext just like the IV? [duplicate]
From Wikipedia I read that the IV is used to randomise the mapping of cleartext to cipher text and that the IV is usually stored (in cleartext) together with the encrypted record. ...
6 votes, 1 answer, 247 views
Will our app be FIPS 140-2 compliant if we use our own AES algorithm implementation?
We are in the process of understanding whether our software application is FIPS 140-2 compliant or not. Currently in our application, we are using our own implementation of the AES algorithm. AES is a FIPS ...
0 votes, 2 answers, 150 views
How resilient to attackers with extreme resources available is this encryption method?
How could the following scheme be made more resilient to attacks capable of utilizing massive amounts of resources?
Assume all random values are cryptographically secure.
Key derivation: scrypt ...
2 votes, 1 answer, 210 views
Am I insecurely implementing AES in Python? [closed]
My name is Pat, I'm a rising high school senior interested in Comp Sci. I've taken interest in cryptography following the NSA scandal. Since this is the first time I've ever implemented encryption ...
4 votes, 2 answers, 139 views
Vulnerabilities if encrypting the same data with 2 different keys
Let's say that Alice and Bob complete a key exchange and then Alice uses that key k1 to encrypt a 256-bit key kaes1 and sends it ...
4 votes, 2 answers, 135 views
How to use salt when there is only one user
I am encrypting files for storage in an untrusted location, using a custom Java program to do that. There is only one user, but there are many files.
I am using AES in CBC mode with PKCS5 padding, and ...
7 votes, 2 answers, 231 views
Can AES decryption be used as encryption?
Definition
E: AES encryption
D: AES decryption
x: plain text
y: encrypted text
k: key
In original AES cipher,
encryption: y = E(x, k)
decryption: x = D(y, k)
Then I define the "reverse AES ...
3 votes, 1 answer, 81 views
Could using sequential plaintext uncover AES key?
I am encrypting a string in a format like this:
...
4 votes, 1 answer, 124 views
Swapping Key and IV in AES? Safe?
I have an application where I want to be able to send an encrypted file, and then mete out "keys" that allow the recipient to decrypt the file from a certain point to the end of the file. Actually, ...
5 votes, 1 answer, 209 views
Is AES-XTS considered safe to encrypt multiple files with the same keys?
I was wondering if changing the cipher mode to AES-XTS in EncFS would be a sound idea. EncFS uses AES in CBC mode until the last 1KB block, and CFB mode for the last block if ...
5 votes, 2 answers, 224 views
AES key expansion: 256bit key
In AES algorithm, in the key schedule,
Why does the expansion of a 256 bit key need an extra application of the S-box, unlike the expansion of 128 bit and 192 bit keys ?
(The obvious answer would be ...
0 votes, 1 answer, 232 views
Achieving 256-bit encryption strength with PBKDF2 - HMAC-SHA1
I am interested in the theoretical consideration of the bit strength of an encryption key and its precursor.
Assume a given environment as follows:
a. My encryption algorithm is AES-256
b. My key ...
3 votes, 2 answers, 83 views
How to Compute C^2 in AES MixColumns Matrix?
In mix Columns we have:
$$C(x) = \{03\}X^3 + \{01\}X^2 + \{01\}X^1 + \{02\}$$
In Viktor Fischer's Paper on MixColumn and ...
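Added example serving this MixColumns question and the earlier "Where is the S-box generated in Rijndael/AES?" question in this list (editor's Python, not code from the questions or from any answer on this page). It implements GF(2^8) arithmetic with the FIPS 197 reduction polynomial, builds the S-box once as affine(inverse(x)) (the table is a constant of the cipher, independent of the key, and the same table is used in every round and in the key schedule), and then multiplies c(x) = {03}x^3 + {01}x^2 + {01}x + {02} by itself modulo x^4 + 1 to obtain C^2, C^3 and C^4.

```python
# Added example (editor's code): the arithmetic behind SubBytes and MixColumns.
# Pure Python; the constants are the ones fixed in FIPS 197.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the reduction polynomial of AES's GF(2^8)


def gmul(a: int, b: int) -> int:
    """Multiply two bytes as elements of GF(2^8) modulo AES_POLY (FIPS 197, section 4.2)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:        # degree reached 8: reduce
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


def ginv(a: int) -> int:
    """Multiplicative inverse in GF(2^8), with 0 mapped to 0 as SubBytes requires.
    The multiplicative group has order 255, so a^-1 = a^254 (square-and-multiply)."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gmul(result, base)
        base = gmul(base, base)
        exp >>= 1
    return result if a else 0


def affine(b: int) -> int:
    """The fixed affine map of SubBytes: b XOR its left rotations by 1..4 XOR 0x63."""
    def rotl(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


def build_sbox() -> list:
    """S-box[x] = affine(ginv(x)).  Computed once; it does not depend on the key and the
    same 256-entry table is applied in every round (and in the key schedule)."""
    return [affine(ginv(x)) for x in range(256)]


# MixColumns multiplies each column, read as a polynomial over GF(2^8), by
# c(x) = {03}x^3 + {01}x^2 + {01}x + {02} modulo x^4 + 1.  Coefficient lists are
# lowest degree first: index i holds the coefficient of x^i.
MIXCOL = [0x02, 0x01, 0x01, 0x03]


def polymul(p, q):
    """Product of two polynomials over GF(2^8) reduced modulo x^4 + 1 (so x^4 = 1)."""
    out = [0, 0, 0, 0]
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[(i + j) % 4] ^= gmul(pi, qj)
    return out


def polypow(p, n):
    """p(x)^n modulo x^4 + 1, by repeated multiplication from the constant 1."""
    out = [0x01, 0x00, 0x00, 0x00]
    for _ in range(n):
        out = polymul(out, p)
    return out


def circulant_matrix(p):
    """The 4x4 matrix of 'multiply by p(x) mod x^4 + 1': entry (i, j) is p[(i - j) mod 4].
    For MIXCOL this is the familiar [02 03 01 01], [01 02 03 01], [01 01 02 03], [03 01 01 02]."""
    return [[p[(i - j) % 4] for j in range(4)] for i in range(4)]


if __name__ == "__main__":
    sbox = build_sbox()
    print("S-box[0x53] = %#04x" % sbox[0x53])
    for n in (1, 2, 3, 4):
        coeffs = ["%#04x" % c for c in polypow(MIXCOL, n)]
        print("C^%d coefficients of x^0..x^3: %s" % (n, coeffs))
```

Running it reproduces the FIPS 197 worked value S-box[{53}] = {ed} and gives C^2 = {04}x^2 + {05}, C^3 = {0b}x^3 + {0d}x^2 + {09}x + {0e} (the InvMixColumns polynomial), and C^4 = 1. So the MixColumns matrix has order 4 and its inverse is its own cube, and C^2 can equally be read off from the circulant of [05 00 04 00].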
3 votes, 1 answer, 86 views
Advantages of combined PRNGs
This question is related to this one in intention, and this one in scope.
Would I be guarding myself against future attacks on a single PRNG if I combine two (or more) together?
I am thinking of ...
2 votes, 2 answers, 226 views
AES encryption using a Diffie-Hellman key exchange
I have two systems which need to encrypt their communication by AES-128. The key for the AES encryption should be exchanged with the Diffie-Hellman (DH) algorithm.
Now, I've read about DH and got a ...
1 vote, 2 answers, 103 views
Derive a key from public data using a secret master key
Users in my system will be given a device that contains a 128-bit AES user key. The user key will be derived from 64 bits of public data related to the user, which is unique but very predictable (i.e. ...
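Added example for the question above (editor's Python, not code from the question or from any answer on this page): deriving a per-user 128-bit key from a secret master key and 64 bits of public, predictable user data with the counter-mode KDF of NIST SP 800-108, using HMAC-SHA256 as the PRF. The label string, the sample master key and the user identifiers are constructed for the example.

```python
# Added example (editor's code): per-user key derivation from a secret master key and
# public user data, SP 800-108 counter mode with HMAC-SHA256 as the PRF.
import hmac
import hashlib


def kbkdf_counter(master_key: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """SP 800-108 KDF in counter mode:
         K(i) = HMAC(master_key, [i]_2 || label || 0x00 || context || [L]_2),  i = 1, 2, ...
    [i]_2 and [L]_2 are 32-bit big-endian encodings of the block counter and of the
    requested output length in bits; the blocks are concatenated and truncated to `length`.
    Because L is part of every HMAC input, outputs of different lengths are unrelated."""
    if length <= 0:
        raise ValueError("length must be positive")
    L = (length * 8).to_bytes(4, "big")
    out = b""
    i = 1
    while len(out) < length:
        msg = i.to_bytes(4, "big") + label + b"\x00" + context + L
        out += hmac.new(master_key, msg, hashlib.sha256).digest()
        i += 1
    return out[:length]


def user_key(master_key: bytes, user_id: bytes) -> bytes:
    """128-bit AES key for one user.  user_id is the 64-bit public identifier; its
    predictability is harmless because the PRF is keyed with the secret master key, and
    extracting one device's key reveals nothing about any other user's key."""
    if len(user_id) != 8:
        raise ValueError("user_id must be the 64-bit public identifier")
    return kbkdf_counter(master_key, b"user-aes-128", user_id, 16)   # label is constructed


# Constructed sample data, not from any real system.
MASTER = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
USER_A = (1000).to_bytes(8, "big")  # sequential IDs: anyone can guess the next one
USER_B = (1001).to_bytes(8, "big")

if __name__ == "__main__":
    print("user 1000:", user_key(MASTER, USER_A).hex())
    print("user 1001:", user_key(MASTER, USER_B).hex())
```

The whole scheme's security rests on the master key staying off the devices: it must live only where keys are provisioned (an HSM or equivalent), and a different label should be used for every distinct purpose the same master key serves so that keys for different uses never coincide.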
3 votes, 1 answer, 352 views
Assuming a 1024-qubit quantum computer, how long to brute force 1024-bit RSA, 256-bit AES and 512-bit SHA-512
Assuming in the future there was a functioning 1024 qubit quantum supercomputer and it could run Shor's algorithm or Grover's algorithm to crack encryption very quickly. I'm interested in how the ...
5 votes, 1 answer, 93 views
Does the GCM authentication tag need to be protected?
I am just learning about the GCM mode of AES and I'd like to start using it in my software. However, I have a question about its use. As I understand it the output of a GCM encryption operation is ...
1 vote, 3 answers, 119 views
Key Derivation in JavaScript
I need to take a potentially weak user password and derive a strong key for AES encryption in JavaScript.
How can I do this?
I expect the hardest problem is generating a good random salt - perhaps ...
-1 votes, 1 answer, 80 views
AES: keylength and password length? [closed]
What is the difference between the keylength and the length of a password for AES-256?
3 votes, 1 answer, 133 views
Is this an acceptable authenticated encryption?
After much deliberation, I've decided to use a normal Encrypt-then-MAC scheme instead of an authenticated encryption mode such as GCM as authenticated encryption primitive. This is due to the lack of ...
2 votes, 1 answer, 141 views
What's the most secure way to derive a key from a password repeatably?
I'm trying to write a cloud storage application where everything the user uploads is unreadable by the server, encrypted client-side before being sent.
Currently, the flow looks like this:
User ...
3 votes, 1 answer, 88 views
How difficult is it to find the “pre-image” of a block cipher?
Say that I have
$$ C_1 = AES_{k_1}(M_1) $$
How difficult would it be to find a key $k_2$ and plaintext $M_2$ with
$$ C_2 = AES_{k_2}(M_2) $$
such that
$$ C_1 = C_2 $$
How would using a block cipher ...
2 votes, 1 answer, 84 views
Using same AES-GCM setup for multiple packets?
Most cryptographic libraries I've encountered use some variant of processPlaintext(...) and then doFinal() to produce the ...
0 votes, 0 answers, 32 views
Sharing active S-boxes
I am reading the biclique cryptanalysis of the full AES paper. What do they mean by "sharing active S-boxes"? How can this concept be advantageous in making a biclique? If there is someone who read this ...
2 votes, 3 answers, 399 views
AES 256 Encryption - Is it really easy to decrypt if you have the key?
So this might sound like a crazy question but bear with me for a minute. I can't find any info on the internet and so am here, although this might have been a good place to start.
I've recently ...
3 votes, 1 answer, 154 views
AES-SIV security
I am investigating the AES-SIV (RFC 5297) based block cipher. The construction of S2V relies on AES-CMAC and the dbl and XOR operations. Given an AAD of size L and in the 128-bit block ...
2 votes, 1 answer, 184 views
Review of AES encryption concept for an open source project
I'm working on an open source project, a generator for static (HTML/JS), password-protected photo galleries. The generator AES-256 encrypts many images with the same key in PyCrypto, and decrypts them ...