in reply to Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish?
In terms of breaking the code mathematically, it's the total number of blocks that matters, not whether their logically one or n email notes. So, ongoing use like SSL/TLS will switch keys every so often. How many is too many? It's really only an issue with DES and variations because the block size is 64 bits.
With AES and other modern 256-bit block ciphers, it's not an issue. For 128-bit blocks, I don't know what the size is but it's probably more than you have to worry about for modern applications.
Update: With AES and other finalists, having 128-bit blocks means the size safety limit is more than a typical application needs to worry about. If that's not enough, many of those are defined with larger block sizes (up to 256 bit), rendering that kind of attack a total non-issue.
There is a difference between 1 large vs. 2 small messages, for a different kind of attack. If you know that the messages begin with the same stuff (e.g. the TO: headers) you might be able to make use of that. You could, for example, tell that the first n blocks of the two emails were the same, indicating they might be to the same person. However, the use of an "initialization vector" (iv) will prevent this problem, and two 1K messages is no different than 1 2K message. So I say the only thing missing from your example is a different random iv. Note that if you use the last output block of one message as the iv for the next, the result of concatenating the two ciphertexts is literally NO DIFFERENT than concatenating the two plaintexts together and encoding as one CBC sweep. Take that as a proof of the principle stated above.
Now RC4 is a stream cipher, as opposed to a block cipher. It's totally different. If you encode two messages using RC4 with the same key, then someone can XOR the two ciphertexts and the key cancells out! He's left with the same result as XORing the two plaintexts together, and untangling that is not nearly as hard as breaking the cipher.
Update: was confusing block size values with key size values.
|Replies are listed 'Best First'.|
Re: Re: Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish?
by no_slogan (Deacon) on Feb 08, 2003 at 18:32 UTC