Re: encrypting files

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 05/13/04 

Date: Thu, 13 May 2004 18:49:52 GMT

Bob Jenkins wrote:
> I'm doing some serious wheel-reinvention, writing a command-line
> utility to encrypt files. So far, though, it's been educational.
>
> * Block ciphers are better than stream ciphers because they thwart
> attackers who know the plaintext from changing the encrypted file
> meaningfully.

That's not really valid. For true authentication you need at least a MAC.

> * There should be a different salt for each encryption so that the
> same text will encrypt to different things every encryption.
> Particularly an issue for multiple revisions of the same file.

Generally yes.

> * To reduce the burden on the user, the salt should be internally
> generated and stored with the encrypted file. This means the utility
> has to distinguish between encrypting and decrypting. (I'm currently
> favoring the date down to the current second plus the input file name
> as the salt. Is there any point in keeping the salt secret?)

The salt shouldn't be secret. In particular in modes like CBC or CTR
[where you could say the salt forms the IV as well] it's generally
public knowledge.

> * Encrypted and decrypted files will be different sizes because the
> salt has to be prepended to the encrypted file. Since the filesize
> can't be preserved anyhow, compressing before encryption and/or ASCII
> encoding after encryption look attractive.

Do one thing and do it well. ;-)

You could always work as a pipe as well e.g.

gzip -9c somefile | yourtool -encrypt -passwd "blah" > somefile.gz.enc

> * The password shouldn't appear on the screen. In C there's a library
> routine, passwd = getpass("password:"), for that.

Depends on platform. In *nix land you can uses ncurses to turn off the
echo.

> * In C, stdin and stdout are character streams, which behave poorly in
> the presence of binary data. Either I don't use pipes (I only
> read/write files), or the encrypted data has to be ASCII encoded.

Depends on platform. In *nix land you can pipe binaries through
stdin/stdout. Can't do that in Win32 [though I think cygwin emulates
*nix in this respect].

Tom

Relevant Pages

  • Re: encrypting files
    ... > * There should be a different salt for each encryption so that the ... > same text will encrypt to different things every encryption. ... > generated and stored with the encrypted file. ... stdin and stdout work just fine for binary data. ...
    (sci.crypt)
  • Re: Microsoft EFS questions
    ... didn't want to have different EFS encryption for different versions. ... > Encrypted File System, which can be used with Win2K and WinXP. ... > Second, are there any known weaknesses or further documentation for DESX, the crypto ...
    (Security-Basics)
  • encrypting files
    ... * Block ciphers are better than stream ciphers because they thwart ... * There should be a different salt for each encryption so that the ... same text will encrypt to different things every encryption. ... generated and stored with the encrypted file. ...
    (sci.crypt)
  • Re: IIS 6 Question re: FTP
    ... encrypted file. ... The other option we've seen customers ask for is SSH. ... It provides encryption end to end. ... > Our new state guidelines are mandating encrypted FTP. ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to encrypt/decrypt a file
    ... Modified to use random IV value (and random salt). ... (and for CTR mode of operation counter IV gives much better IND-CPA security). ... get a cryptographically random salt (different for each encryption invocation) ... and the server is watching that this exact data is not stored on the server... ...
    (microsoft.public.dotnet.security)