The importance of IVs
From: mobius30 (mobius30_at_hushmail.com)
Date: 08/27/05
Date: 27 Aug 2005 10:38:16 -0700
Recently I looked around on the internet for freeware plain-text
encryption programs. There are a handful of them out there that
support most of the popular encryption methods. One of them, it will
go un-named for now, uses CBC/MD5/RijndaelAES to allow users to quickly
and easily encrypt and decrypt plain-text. Upon further examination, I
noticed this particular application does not apply any IV prior to
encryption of the selected text. I was surprised to find how many of
these freeware applications don't. Why is that? I would think
implementing something as simple as random data into the first block(s)
of text would be SOP for anyone writing one of these applications.
Considering that many users of these applications might be encrypting
text with repetitive headers (i.e. "Dear Sally", etc.), I would think
the authors of the applications would implement at least an IV for the
first block. Below, I've listed some clear text and the resulting
CBC/MD5/AES cipher-text from the password "test" (no quotes). As you
can see, without the random data at the beginning of the message, the
encrypted messages all start out identically.
My questions:
How important are IVs? Does not using them really pose that much of a
risk under the conditions that:
a) you have several repetitive characters at the beginning of multiple
intercepted encrypted messages
b) the same password is used in each of these messages (let's say it's
64-bits)
What's the point of using a relatively good system (like CBC/MD5/AES)
and not randomizing the first block(s)??? How much easier would it be
to crack? How many intercepted messages (average love-letter length)
would someone need to crack this and how long would it take assuming
reasonable PC computing power?
TEST CASES:
________________________________________
[ NO IV USED (notice the repeating encrypted text at the beginning) ]
This is a test.
lIbEhACsdJyAb0oIcC+3CHBXwFKg
This is a test. Test. Test.
lIbEhACsdJyAb0oIcC+3CPVuU16EczTruQ==
This is a test. One. One.
lIbEhACsdJyAb0oIcC+3CHWB6wOMDZ2O0gpu
This is a test. Two. Two.
lIbEhACsdJyAb0oIcC+3CPXupSuMzVbnuX+fYmk=
This is a test. Three. Three.
lIbEhACsdJyAb0oIcC+3CPXu2/VQWIXnuZF9Y5I=
_________________________________________
[ WITH IV (no repeats or patterns immediately noticeable) ]
d89s This is a test.
6HWpWqhD50pfsJgmcwOiHk8p5HjIpZLkehQ=
cl;2 This is a test.
SA5koEpZGQNZI+j+tNueKQH5ZKgJLr9dWeo=
_________________________________________
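The effect shown in the test cases above can be reproduced with a standard CBC construction. This is an added example, not part of the original post and not the code of the unnamed application. It assumes the key is MD5(password), uses a small SHA-256-based Feistel permutation as a stand-in for AES so that it runs on the Python standard library alone, and applies the IV in the usual CBC way (XORed into the first block and sent in the clear) rather than as random text prepended to the message.

```python
import hashlib
import os

BLOCK = 16  # block size in bytes, same as AES

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function built from SHA-256 (stand-in only, NOT AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: a keyed permutation on 16-byte blocks.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, rnd, right)))
    return left + right

def cbc_encrypt(password: str, plaintext: bytes, iv: bytes) -> bytes:
    # Assumption: the key is MD5(password), one reading of "CBC/MD5/AES".
    key = hashlib.md5(password.encode()).digest()
    pad = BLOCK - len(plaintext) % BLOCK          # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_encrypt_block(key, mixed)      # chain into the next block
        out += prev
    return out

def shared_prefix_blocks(c1: bytes, c2: bytes) -> int:
    # Number of leading ciphertext blocks two messages have in common.
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

def demo():
    # Two of the post's test messages; they share the first 16 bytes.
    msgs = [b"This is a test. Test. Test.", b"This is a test. One. One."]
    fixed = [cbc_encrypt("test", m, bytes(BLOCK)) for m in msgs]   # all-zero IV
    fresh = []
    for m in msgs:
        iv = os.urandom(BLOCK)                    # new random IV per message
        fresh.append(iv + cbc_encrypt("test", m, iv))  # IV travels in the clear
    return shared_prefix_blocks(*fixed), shared_prefix_blocks(*fresh)

if __name__ == "__main__":
    print(demo())
```

With the fixed IV the two ciphertexts agree for exactly as many blocks as the plaintexts do, so an observer learns which messages begin the same way; with a fresh IV per message that equality disappears even though the key is unchanged.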