As far as Blowfish is concerned, each call to encrypt a block of 128 bits (if I recall the size correctly) 64 bits is a different plaintext on the same key. You call it as many times as needed for the length of your message. What's the difference between calling it once for a 2K message or twice for two different 1K messages?

In terms of breaking the code mathematically, it's the total number of blocks that matters, not whether their logically one or n email notes. So, ongoing use like SSL/TLS will switch keys every so often. How many is too many? It's really only an issue with DES and variations because the block size is 64 bits.

With AES and other modern 256-bit block ciphers, it's not an issue. For 128-bit blocks, I don't know what the size is but it's probably more than you have to worry about for modern applications.

Update: With AES and other finalists, having 128-bit blocks means the size safety limit is more than a typical application needs to worry about. If that's not enough, many of those are defined with larger block sizes (up to 256 bit), rendering that kind of attack a total non-issue.

There is a difference between 1 large vs. 2 small messages, for a different kind of attack. If you know that the messages begin with the same stuff (e.g. the TO: headers) you might be able to make use of that. You could, for example, tell that the first n blocks of the two emails were the same, indicating they might be to the same person. However, the use of an "initialization vector" (iv) will prevent this problem, and two 1K messages is no different than 1 2K message. So I say the only thing missing from your example is a different random iv. Note that if you use the last output block of one message as the iv for the next, the result of concatenating the two ciphertexts is literally NO DIFFERENT than concatenating the two plaintexts together and encoding as one CBC sweep. Take that as a proof of the principle stated above.

Now RC4 is a stream cipher, as opposed to a block cipher. It's totally different. If you encode two messages using RC4 with the same key, then someone can XOR the two ciphertexts and the key cancells out! He's left with the same result as XORing the two plaintexts together, and untangling that is not nearly as hard as breaking the cipher.

—John

Update: was confusing block size values with key size values.


In reply to Re: Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish? by John M. Dlugosz
in thread Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish? by diotalevi

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":