Re: Newbie question about AES encryption




Mark wrote:
I downloaded some free code to create SHA1 hashes and AES encryption.
Using this code I created a program to encrypt strings by first
initializing the cipher with a SHA1 hash of the password, and then
encrypting the data with the password. It seems to work great by
encrypting a string such as "Encrypted String" and a password of
"password" to a resulting string of "J4lgK+NgpWWtXTyWmeNgow==". Now if
I try and decrypt ONLY PART of the encrypted string, say
"J4lgK+NgpWWtXT" with the password "password", part of the string is
decrypted successfully. I get a decrypted result of "Encrypted". This
seems odd. I would think by truncating part of the decrypted string, I
would get a bunch of garbage in the decrypted string.

Is this a cause for concern?

There are actually two answers to this question. The first is no, it
makes sense that is what you would get.

AES operates by encrypting blocks of data at a time. That is, it will
read 128-bits, encrypt it, output the resulting ciphertext, and then
move on to the next 128-bits. So you have 128-bits ---> AES --->
128-bits. So let's say you encrypted 256-bits. That would be two,
128-bit blocks. If you truncated the last 128-bits, you would decrypt
the first block just fine. The last block you would lose. Make sense so
far?

The complicated answer is, it's not as simple as just doing AES. You
need a mode of operation with it. Just using straight AES has its
problems (any algorithm for that matter has the same problem). That's
why we use CBC mode, or CTR mode, etc.

The other thing is, generally you want to provide integrity of the
data. You want to be able to detect if you are missing a block. Let's
say I encrypt the message

"You owe me $1000"

Let's pretend we encrypt 3 characters at a time
"You" " ow" "e m" "e $" "100" "0 "

(hope you can read that).
Each block gets encrypted. It would be very bad if an attacker could
just delete that last block of ciphertext. He doesn't need to know what
it says, he just deletes it. Now when you decrypt it, it says
You owe me $100

Obviously that's not what the original message was.

To prevent this sort of thing, we use what's called a MAC. Google HMAC.


That is both the long and short answer. Hope it makes sense.

-Matt
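
The truncation problem and the MAC fix described in the reply above, as an added example that is not part of the original post. Assumptions: the keystream built from HMAC-SHA256 is only a stand-in for AES in CTR mode so the code runs with the Python standard library, and all function names and both keys are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed demo keys; encryption and MAC use separate keys.
ENC_KEY = hashlib.sha256(b"constructed demo encryption key").digest()
MAC_KEY = hashlib.sha256(b"constructed demo MAC key").digest()
TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def _xor_stream(key, nonce, data):
    """Stand-in for AES-CTR (assumption): XOR data with HMAC(key, nonce||counter)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_only(key, plaintext):
    """Encryption with no integrity protection: nonce || ciphertext."""
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def decrypt_only(key, blob):
    """Decrypts whatever it is given; it cannot tell that bytes are missing."""
    return _xor_stream(key, blob[:16], blob[16:])

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext."""
    blob = encrypt_only(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, sealed):
    """Verify the tag first; decrypt only if the ciphertext is intact."""
    if len(sealed) < 16 + TAG_LEN:
        raise ValueError("message too short")
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC check failed: ciphertext modified or truncated")
    return decrypt_only(enc_key, blob)

if __name__ == "__main__":
    msg = b"You owe me $1000"
    blob = encrypt_only(ENC_KEY, msg)
    print(decrypt_only(ENC_KEY, blob[:-1]))  # truncated ciphertext still decrypts
    sealed = seal(ENC_KEY, MAC_KEY, msg)
    cut = sealed[:-TAG_LEN - 1] + sealed[-TAG_LEN:]  # drop last ciphertext byte, keep tag
    try:
        open_sealed(ENC_KEY, MAC_KEY, cut)
    except ValueError as err:
        print("rejected:", err)
```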
