Re: Encryption using System.Security.Cryptography

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 04/06/04 

Date: Tue, 06 Apr 2004 20:22:19 GMT

Using CBC won't actually increase the size of the output. What CBC does is combine the previous block with the current plaintext before
encrypting. Since the first plaintext block doesn't have a preceeding encrypted block, the IV is used. Since the IV is only xor'ed with the first block
of plaintext, it won't actually increase the output size of the ciphertext. (There's still the same number of blocks produced).

Perhaps a sample will clear this up. If I have plaintext divided up into blocks pt1 pt2 and pt3, then

ct1 = Rijndael(pt1 xor IV)
ct2 = Rijndael(ct1 xor pt2)
ct3 = Rijndael(ct2 xor pt3)

Where ct1...3 are the resulting ciphertext blocks. You can see from the sample that three plaintext blocks map to three ciphertext blocks.

-Shawn
http://blogs.msdn.com/shawnfa 

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>From: "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com>
>References: <188d401c41b5d$b9eb4a90$a501280a@phx.gbl> <JPsWQq2GEHA.660@cpmsftngxa06.phx.gbl>
>Subject: Re: Encryption using System.Security.Cryptography
>Date: Mon, 5 Apr 2004 17:28:50 -0700
>Lines: 104
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <O7CDk42GEHA.1128@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: fmfwpr01.fm.intel.com 192.55.52.1
>Path: cpmsftngxa06.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTFEED01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:5657
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>Shawn,
>
>I think that initialization vector should also be taken into account (for
>cipher-block chaining), shouldn't it?
>
>Alek
>
>""Shawn Farkas"" <shawnfa@online.microsoft.com> wrote in message
>news:JPsWQq2GEHA.660@cpmsftngxa06.phx.gbl...
>> Hi Dan,
>>
>> The output size of the Rijndael algorithm is going to depend on several
>factors.  I'll step you through how to calculate the result for your
>> specific case.  Rijndael is a block cipher, which means that it must
>operate on a whole block of data at a time.  During the encryption, your
>data is
>> split up into a sequence of blocks.  The size of each block is given by
>the BlockSize property of the algorithm being used, for Rijndael it's 128.
>> (This value is expressed in bits).
>> The first step is to calculate how many blocks of data you have.  If your
>string is ASCII (or any other encoding that can fit into one byte
>> characters), then you'll have 25 bytes of data.  Each block is 128 / 8 =
>16 bytes.  Therefore you'll need two blocks to fully encrypt your data.
>(The
>> unused portion of the second block is filled with padding, as specified in
>the Padding property of the Rijndael class).  If you're using UTF-16
>> encoding, you could have 50 bytes, or 4 blocks.
>> Since the input block size is equal to the output block size, you're going
>to have (assuming one byte characters), 32 bytes of output.
>> Padding makes the calculation a little less straight forward in the
>general case however.  If you're using PKCS7 padding, and you don't
>> have any partial blocks, you'll actually get an extra block of padding at
>the end of your ciphertext.  So, with PKCS7, a 32 byte message encrypts to
>> 48 bytes, assuming a block size of 128 bits.  Here's a quick table to
>summarize:
>>
>> Input Size: 25 bytes
>> Block Size: 16 bytes
>> Padding: PKCS7
>> Output Size: 32 bytes
>>
>> Input Size: 25 bytes
>> Block Size: 16 bytes
>> Padding: Zeros
>> Output Size: 32 bytes
>>
>> Input Size: 50 bytes
>> Block Size: 16 bytes
>> Padding: PKCS7
>> Output Size: 64 bytes
>>
>> Input Size: 32 bytes
>> Block Size: 16 bytes
>> Padding: PKCS7
>> Output Size: 48 bytes
>>
>> Input Size: 32 bytes
>> Block Size: 16 bytes
>> Padding: Zeros
>> Output Size: 32 bytes
>>
>> -Shawn
>> http://blogs.msdn.com/shawnfa
>>
>> -- 
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>rights.
>> Note:  For the benefit of the community-at-large, all responses to this
>message are best directed to the newsgroup/thread from which they
>> originated.
>> --------------------
>> >Content-Class: urn:content-classes:message
>> >From: "Dan" <anonymous@discussions.microsoft.com>
>> >Sender: "Dan" <anonymous@discussions.microsoft.com>
>> >Subject: Encryption using System.Security.Cryptography
>> >Date: Mon, 5 Apr 2004 15:31:23 -0700
>> >Lines: 7
>> >Message-ID: <188d401c41b5d$b9eb4a90$a501280a@phx.gbl>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="iso-8859-1"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
>> >Thread-Index: AcQbXbnrsTyGiIiTSjWfZB8BS/UZYA==
>> >Newsgroups: microsoft.public.dotnet.security
>> >Path: cpmsftngxa06.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.security:5653
>> >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
>> >X-Tomcat-NG: microsoft.public.dotnet.security
>> >
>> >For an unencrypted string with a length of 25 characters,
>> >what would be the maximum length of the encrypted byte
>> >array using the
>> >System.Security.Cryptography.RijndaelManaged algorithm
>> >in .NET?
>> >
>> >Thanks in advance.
>> >
>>
>>
>
>
>

Relevant Pages

  • Re: Conspiracy in the Surveillance Society
    ... (requiring brute-forcing the ... that the plaintext is independent of the encryption key. ... But the key ain't transfered in the ciphertext. ...
    (rec.arts.sf.science)
  • Re: Using a Magic Value in Place of Authentication
    ... encryption functions for keys k1 and k2) share a single mapping from a specifc plaintext to a specific ciphertext. ... When did we restrict the plaintext or key of an encryption method to plain English? ...
    (sci.crypt)
  • Re: Using a Magic Value in Place of Authentication
    ... the encryption functions for keys k1 and k2) share a single mapping from a specifc plaintext to a specific ciphertext. ... If the attacker had some chosen plaintext, then that would lead to a partial if not a total mapping of the key. ... Of course you could just test a single ciphertext over all possible keys and indeed determine after 2^128 encryptions that it can only be the result of a specific plaintext and key. ...
    (sci.crypt)
  • Indistinguishability and integrity in symmetric encryption
    ... "The 'right' security property for general-purpose symmetric encryption". ... >symmetric encryption scheme (for which the empty plaintext is not ... A has interfaces to an encryption oracle ... It is assumed that the ciphertext returned by A is different to all those ...
    (sci.crypt)
  • RE: How to verify a decrypted cyphertext
    ... a given ciphertext might decode into several different ... Mathematical encryption might not be the only encoding of the ... Japanese (nothing guarantees that the plaintext will be in English!) ... But in the case of a encrypted random string ...
    (Security-Basics)