Re^3: Deterministic asymmetric encryption [Crypt::RSA]
by ikegami (Patriarch) on Dec 15, 2010 at 21:00 UTC ( [id://877376]=note )
Oops, yes.
First, it introduces information leakage. If two records have the same plain text, the creator of one of those records knows the content of the other record. If the plain text is a password, for example, this could allow someone to know someone else's password. The other concern is that by having more blocks encrypted with the same key, one might be able to attack certain algorithms and maybe even recover the key. The potential impact of using the same key could be lessened if chaining is used (i.e. if the key used to encrypt one block depends on the previous block). Lots of factors affect how much this matters.
It doesn't have to be deterministic to do that. The requirement to use salt (iv) doesn't prevent anyone from adding to the database as long as the salt is included in the database as well.
This requires deterministic encryption or hashing. Hashing algorithms have been vetted against these attacks. A particular encryption algorithm? Dunno. So you need deterministic asymmetric encryption, or non-deterministic asymmetric encryption plus hashing.
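The equality leak described in the post, and the "non-deterministic asymmetric encryption plus hashing" alternative it names, as an added example in Python (not code from the thread, and not using Crypt::RSA). Textbook RSA with a toy key stands in for deterministic encryption, and a random nonce prefix stands in for real randomized padding such as OAEP; the key, the block layout and all function names are assumptions made for the demo.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes (constructed for this demo; far too
# small and structured for real use).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
NONCE_LEN = 8
MAX_MSG = 9  # 1 marker byte + 8 nonce bytes + 9 message bytes = 18 bytes < N


def encrypt_deterministic(msg):
    """Textbook RSA: the same plaintext always yields the same ciphertext."""
    if not 0 < len(msg) <= 18:
        raise ValueError("message does not fit the toy key")
    return pow(int.from_bytes(msg, "big"), E, N)


def encrypt_randomized(msg):
    """Prefix a fresh random nonce so equal plaintexts encrypt differently."""
    if len(msg) > MAX_MSG:
        raise ValueError("message does not fit the toy key")
    block = b"\x01" + secrets.token_bytes(NONCE_LEN) + msg
    return pow(int.from_bytes(block, "big"), E, N)


def decrypt_randomized(ct):
    m = pow(ct, D, N)
    block = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return block[1 + NONCE_LEN:]  # drop marker byte and nonce


def make_record(msg):
    """Store a randomized ciphertext plus a digest used only for lookups."""
    return {"ct": encrypt_randomized(msg), "digest": hashlib.sha256(msg).hexdigest()}


def find_matches(records, msg):
    """Indexes of records whose plaintext equals msg, without decrypting."""
    digest = hashlib.sha256(msg).hexdigest()
    return [i for i, r in enumerate(records) if r["digest"] == digest]


if __name__ == "__main__":
    a, b = encrypt_deterministic(b"hunter2"), encrypt_deterministic(b"hunter2")
    print("deterministic ciphertexts equal:", a == b)
    records = [make_record(m) for m in (b"hunter2", b"letmein", b"hunter2")]
    print("randomized ciphertexts equal:", records[0]["ct"] == records[2]["ct"])
    print("digest lookup finds records:", find_matches(records, b"hunter2"))
```

The stored digest still reveals which records are equal, which is what the lookup needs; the ciphertext column no longer does.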