Re: Hash question ...
- From: Jeremiah D. Seitz <jseitz@xxxxxxxxxxxxxxxxx>
- Date: Sun, 04 Mar 2007 18:23:23 -0500
On 3 Mar 2007 15:40:37 -0800, "Matthew Fanto" <mfanto@xxxxxxxxx>
wrote:
> What you can do is just encrypt a known header and if it decrypts, the
> key is correct. That is, every encrypted file has the same beginning
> header, encrypted under the key of that file.
Wouldn't that provide a shortcut for a brute force attack? I assume
you mean having a constant byte sequence encrypted with the same key
as the data?
> But the bigger question is, you said you store a hash of the plaintext
> to validate the key, but you worry about how long it takes to verify
> the plaintext. To me that sounds like you aren't doing integrity
> checking on the encrypted data. Are you MACing the encrypted data?
I do currently store the hash of the plaintext, in the interest of
checking data integrity. If the ciphertext is corrupt, then the hash
of the plaintext surely wouldn't match the stored value, would it?
Let me elaborate a bit:

    Init hash function
    Init decrypt function
    Do
        Retrieve a block (64KB) of ciphertext
        Decrypt the block
        Add the block of plaintext to the running hash
        Write the plaintext to another file
    Loop
    Compare hash in header to 'running' hash

I'm using a symmetric algorithm, so I'm not sure MAC would apply,
unless I've missed something, which is likely.
> -Matt
J.
Jeremiah D. Seitz
Omega Techware
http://www.omegatechware.net
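
The alternative raised in the quoted question, a MAC over the ciphertext that is checked before any block is decrypted or written out, as an added example that is not part of the original post. HMAC is a symmetric-key construction; the salt|tag|ciphertext layout, the PBKDF2 parameters and the function names are assumptions, and the ciphertext is constructed random bytes standing in for the output of whatever cipher is in use.

```python
import hashlib
import hmac
import io
import os

CHUNK = 64 * 1024   # same 64KB block size as the loop in the post
SALT_LEN = 16       # assumed header layout: salt | tag | ciphertext
TAG_LEN = 32        # HMAC-SHA256 output size


def derive_keys(passphrase: bytes, salt: bytes):
    """Derive independent encryption and MAC keys (parameters are assumptions)."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return km[:32], km[32:]


def tag_stream(mac_key: bytes, salt: bytes, stream) -> bytes:
    """HMAC-SHA256 over salt + ciphertext, reading 64KB at a time."""
    mac = hmac.new(mac_key, salt, hashlib.sha256)
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        mac.update(chunk)
    return mac.digest()


def seal(passphrase: bytes, ciphertext: bytes) -> bytes:
    """Prefix already-encrypted data with a fresh salt and its MAC tag."""
    salt = os.urandom(SALT_LEN)
    _, mac_key = derive_keys(passphrase, salt)
    return salt + tag_stream(mac_key, salt, io.BytesIO(ciphertext)) + ciphertext


def verify(passphrase: bytes, blob: bytes) -> bool:
    """True only if the key is right and the ciphertext is unmodified.

    No decryption happens here, so a wrong key or a corrupt file is
    rejected before any plaintext is produced or written to disk.
    """
    salt = blob[:SALT_LEN]
    tag = blob[SALT_LEN:SALT_LEN + TAG_LEN]
    _, mac_key = derive_keys(passphrase, salt)
    body = io.BytesIO(blob[SALT_LEN + TAG_LEN:])
    return hmac.compare_digest(tag, tag_stream(mac_key, salt, body))


if __name__ == "__main__":
    ct = os.urandom(200_000)                 # constructed stand-in ciphertext
    blob = seal(b"correct horse", ct)
    flipped = blob[:-1] + bytes([blob[-1] ^ 1])
    print(verify(b"correct horse", blob), verify(b"wrong", blob),
          verify(b"correct horse", flipped))
```
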