Re: Is this Possible?
From: clem (clem_at_numeral.com)
Date: 06/25/03
- In reply to: Myrddin Emrys: "Is this Possible?"
Date: Tue, 24 Jun 2003 21:40:50 -0700
On 24 Jun 2003 01:15:49 -0700, myrddin@iosys.net (Myrddin Emrys)
wrote:
<snip>
>
>I wish to encrypt an IP:PORT datum, 6 bytes. I do not wish the
>encrypted form to be longer than 8 bytes. I need to be able to reform
>the original result after an arbitrary length of time with no
>additional data. The encrypted chunks will have a massive degree of
>duplication, but I wish the encrypted results to be as random as
>possible. I need it to be impossible for an attacker, given the
>hundreds or thousands of encoded chunks, to be able to break the
>cypher.
>
<snip>
>Am I wrong? Is there a way of encoding thousands of (very repetitive)
>6 byte datums so that the cyphers produce different results for the
>same input, but are recoverable without additional data beyond the
>cypher? Would increasing the cypher result from 8 bytes to 14 bytes
>(giving me 64 bits of secure data) make it secure, or does the massive
>repetition (hundreds of thousands of encodings of the same value)
>undermine the security to too great an extent?
<snip>
If you can go to 14 bytes in the field, I think you make analysis of
the IP:PORT difficult.
You'll need a secret key that you use to encrypt and decrypt. This
key will need to be strong and you will need to access it on the
decrypt phase. Of course the value of this key is closely held, as if
it is discovered, you are completely and totally hosed.
Using 3DES
1. Generate a hard-to-guess key of 128-bits. IOW, a strong key.
2. Generate a nonce (non-repeating sequence) of 64-bits (eight bytes)
and do it any way you want that will guarantee non-repeat, like hashing
a random number and incrementing the random number like a counter with
SHA-256 and taking the MSB 64-bits. You increment, then hash, and
take 64-bits for each encryption.
3. Take the MSB 48-bits of the 64-bit nonce, copy this value for step
5, and prepend the 48-bits to your secret key, hashing this with
SHA-256 and taking the MSB 168-bits to get the session key.
4. Append the remaining 16-bits of the 64-bit nonce to your 48-bit
IP:PORT number to get a 64-bit block and encrypt, giving you an
encrypted 64-bit block.
5. Append the 48-bits from step 3 to your 64-bit encrypted block for
the 112-bit (14 byte value) and you are done.
To get the 48-bit IP:PORT
Get the 112-bit value and slice off the 48-bit value at the end and
use this 48-bit slice to prepend the secret key, hash with SHA-256,
take the MSB 168-bits and use this to decrypt the remaining 64-bit
block and discard the last 16-bytes to give you your cleartext IP:PORT
48-bit value.
This may thwart analysis of the IP:PORT values sufficiently.
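
The 14-byte layout described in the message above, as an added example that is not part of the original post. Python's standard library has no 3DES, so a 64-bit Feistel network built on HMAC-SHA256 stands in for the block cipher; that stand-in, the function names, the sample key, the starting counter and the IP:PORT value are all assumptions made here.

```python
import hashlib, hmac, socket, struct

ROUNDS = 8  # stand-in cipher parameter (assumption; the post uses 3DES)

def _f(key, rnd, half):
    # Feistel round function: 32 bits of HMAC-SHA256 over round index + half block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    # 64-bit balanced Feistel network standing in for the 3DES block encryption
    l, r = block[:4], block[4:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def next_nonce(counter):
    # Step 2: increment, hash with SHA-256, keep the MSB 64 bits
    counter += 1
    return counter, hashlib.sha256(counter.to_bytes(32, "big")).digest()[:8]

def session_key(secret, n48):
    # Step 3: SHA-256(48 nonce bits || secret key), MSB 168 bits (21 bytes)
    return hashlib.sha256(n48 + secret).digest()[:21]

def encode(secret, ip, port, nonce):
    n48, n16 = nonce[:6], nonce[6:]
    plain = socket.inet_aton(ip) + struct.pack(">H", port) + n16   # step 4
    return block_encrypt(session_key(secret, n48), plain) + n48    # step 5

def decode(secret, token):
    ct, n48 = token[:8], token[8:]
    plain = block_decrypt(session_key(secret, n48), ct)
    return socket.inet_ntoa(plain[:4]), struct.unpack(">H", plain[4:6])[0]

SECRET = bytes(range(16))        # constructed 128-bit sample key, not a real secret
counter, n1 = next_nonce(1000)   # 1000 = constructed starting counter
counter, n2 = next_nonce(counter)
t1 = encode(SECRET, "192.0.2.10", 8080, n1)   # constructed IP:PORT
t2 = encode(SECRET, "192.0.2.10", 8080, n2)   # same input, next nonce
print(t1.hex(), t2.hex(), decode(SECRET, t1), decode(SECRET, t2))
```

Decoding throws away the 16 nonce bits without checking them, so an altered token decodes to a different IP:PORT instead of being rejected.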