Re: Hash question ...



On Sun, 04 Mar 2007 00:37:41 GMT, "Joseph Ashwood" <ashwood@xxxxxxx>
wrote:

> Use an HMAC of the header, and also store an HMAC of the entire file (you
> could also build an HMAC Merkle tree for fast verification, but this would
> take more time to explain). So you'll have 3 keys:
> K_1 = HASH("Encryption Key" | IV1 | passphrase)
> K_2 = HASH("Header MAC Key" | IV2 | passphrase)
> K_3 = HASH("Full file MAC Key" | IV3 | passphrase)
>
> IV* are randomly generated values, known length is ok.
> Store IV* in the output file in the clear.
> Then take the first substantial chunk of the plaintext, 1KB will suffice,
> call this Header and store HMAC(K_2, Header) in the output file, generate
> hmac=HMAC(K_3, entire input file), append hmac to the end of the INPUT file.
> Encrypt the input file (with appended hmac) using K_1, store the ciphertext
> in the output file.
>
> This generates a knowable format, and if you include designators in the
> file, for example creating a file format of
> IV1 = 0xsomething
> IV2 = 0xsomething2
> IV3 = 0xsomething3
> HMACHash = SHA-512
> HeaderMac = 0xblah
>
> EncryptedLength = a number
> EncryptedData =
> binary data

I think I need to do a bit more research on MAC and HMAC in order to
understand what you mean. Apparently I'm a bit confused. I thought
those methods involved asymmetric algorithms.

Basically, I want to let you know that I received your reply, but
can't make heads or tails of it at this point. <g>

> It will be easy to parse, and since format doesn't matter, this works quite
> well.
>
> For speed on a multicore processor you can actually run the HMAC and
> encryption at the same time in two separate threads; this will place the
> speed bottleneck very solidly on the disk. Since AES in CBC mode is close to
> 100MB/sec, and SHA-512 is close to 100MB/sec, and if you synchronize the
> threads the memory bandwidth is cut in half, you're looking at probably
> being in the 80MB/sec range on this. Since a modern hard drive generally has
> a sustainable write rate of < 80MB/sec this should be disk bound, even when
> working between two drives. So the question is now: Can you wait 8 seconds
> for that CD and 60 seconds for the DVD?

That is actually something like what I was doing, performing the crypt
and hash more or less in parallel. Multiple threads are something I
have yet to attempt, though.

If I could achieve the speeds you quoted, I would be quite happy.

I'll come back in a day or so to reply in a more knowledgeable manner.

Joe

Thanks!

J.
Jeremiah D. Seitz
Omega Techware
http://www.omegatechware.net
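The construction quoted above, as an added Go example that is not code from either poster: three keys derived as HASH(label | IV | passphrase), the header HMAC stored in the clear, the whole-file HMAC appended to the plaintext before encryption, and a verifier that returns nothing until both tags check out. Assumed where the post is silent: SHA-512 for HASH and HMAC, 16-byte IVs, 32-byte keys, and AES-256-CTR with IV1 as the nonce in place of the CBC the post mentions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
)

// Sealed holds the cleartext fields of the sketched file format plus the ciphertext.
type Sealed struct{ IV1, IV2, IV3, HeaderMAC, Ciphertext []byte }
// deriveKey is the post's K = HASH(label | IV | passphrase) with SHA-512, truncated to
// 32 bytes for AES-256 (an assumption: the post fixes no key size).
func deriveKey(label string, iv, pass []byte) []byte {
	h := sha512.Sum512(append(append([]byte(label), iv...), pass...))
	return h[:32]
}
func mac(key, data []byte) []byte { m := hmac.New(sha512.New, key); m.Write(data); return m.Sum(nil) }
// header is the post's "first substantial chunk": the first 1 KB of plaintext.
func header(pt []byte) []byte { if len(pt) > 1024 { pt = pt[:1024] }; return pt }

// Seal stores HMAC(K_2, header) in the clear, appends HMAC(K_3, whole file) to the
// plaintext and encrypts the result under K_1. Assumed, not from the post: 16-byte random
// IVs, AES-256-CTR in place of CBC (no padding to handle), IV1 reused as the CTR nonce.
func Seal(pass, pt []byte) *Sealed {
	ivs := make([]byte, 48)
	if _, err := rand.Read(ivs); err != nil { panic(err) } // no randomness, no output
	s := &Sealed{IV1: ivs[:16], IV2: ivs[16:32], IV3: ivs[32:]}
	s.HeaderMAC = mac(deriveKey("Header MAC Key", s.IV2, pass), header(pt))
	inner := append(append([]byte{}, pt...), mac(deriveKey("Full file MAC Key", s.IV3, pass), pt)...)
	block, _ := aes.NewCipher(deriveKey("Encryption Key", s.IV1, pass)) // 32-byte key: cannot fail
	s.Ciphertext = make([]byte, len(inner))
	cipher.NewCTR(block, s.IV1).XORKeyStream(s.Ciphertext, inner)
	return s
}

// Open decrypts, then checks the full-file tag and the header tag with constant-time
// compares; a wrong passphrase or any tampering yields (nil, false), never unverified data.
func Open(pass []byte, s *Sealed) ([]byte, bool) {
	if len(s.Ciphertext) < sha512.Size { return nil, false }
	block, _ := aes.NewCipher(deriveKey("Encryption Key", s.IV1, pass))
	inner := make([]byte, len(s.Ciphertext))
	cipher.NewCTR(block, s.IV1).XORKeyStream(inner, s.Ciphertext)
	pt, tag := inner[:len(inner)-sha512.Size], inner[len(inner)-sha512.Size:]
	if !hmac.Equal(tag, mac(deriveKey("Full file MAC Key", s.IV3, pass), pt)) ||
		!hmac.Equal(s.HeaderMAC, mac(deriveKey("Header MAC Key", s.IV2, pass), header(pt))) {
		return nil, false
	}
	return pt, true
}
```

Open decrypts everything before checking; with CTR one could decrypt only the first 1 KB and check HeaderMAC to reject a wrong passphrase without processing the whole file.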