|
Many thanks for a fantastic explanation and for taking the time to
help me. I was just reading some docs there pointing me to this but you
have saved me a good few hours. I will search out info for python info on PBKDF2 many thanks for that. Just quickly though in point 3 does that mean I should use ECB mode or not if I am going to split the file and send two parts to different locations? Again fantastic response to what must be silly questions for someone like yourself. David Marek Marcola wrote: Hello,1: How is the IV handled in (AES) encryption - I can see supplying an initial vector is good but it also appears this should change with every encryption (if you like). So does a user have to know this + key ?IV is used by encryption mode (like CBC) not by encryption algorithm like AES. But if we are talking of AES in CBC mode then AES key and IV should be known on both sides to successful encrypt/decrypt. In this case AES key should be random 16/24/32 bytes and IV should be random 16 bytes (AES block size). From user point of view this is not very ease to remember and for this purpose exists password based key deriviation functions like PBKDF2 in PKCS#5 and password (or passphrase) - easy to memorize - is one of parameter of this function (other are salt, iteration count) and as output you may get for example 32 "random" bytes (16 for AES key and 16 for IV).2: Is it possible to alter a key size say I am using SHA256 and want to output a SHA256 hash of a users password to use as a key ? Also can I pass something to openssl to get a hex digest ?Size of AES key (16/24/32) may not be altered but with (for example) PBKDF2 you may use any password/passphrase to get specified amount of random data (which may be used as AES key/IV).3: If a cracker can only retrieve 1 part of an encrypted file that has been deliberately split up - would having this 'part file' help or hinder the task of decrypting the contents of that file.Depends on encryption mode - in ECB - yes :-)4: Is there a way that when attempting to decrypt a file you cannot know if you have been successful, i.e. you don't know the contents and try a key - you get an output from the attempt but it is not obvious if that output is correct (i.e file encrypted multiple times) or do all the encryption algorithms give a pass or fail or empty output. (i.e I tell you my pass-phrase is X and you use this to get output Y but you don't know what output Y is [could be further encryption], can you tell just be running the decryption algorithm that the key was a valid key?)Block decryption process of AES is always successful (I mean - algorithm) but what you will get after that (garbage or real data) depends on key. Best regards, |
begin:vcard fn:David Irvine n:;David Irvine org:Ayrshire Business Consulting Ltd. adr:;;3 Wellington Square ;Ayr;Ayrshire;KA71EN;Scotland email;internet:[EMAIL PROTECTED] tel;cell:+44(0)7977583031 x-mozilla-html:TRUE url:http://www.open-source-consulting.org version:2.1 end:vcard
