Re: [Firebird-devel] Encrypt some more
On 11/09/2015 08:05 PM, Dimitry Sibiryakov wrote:
> 09.11.2015 18:00, Jim Starkey wrote:
>> It matters because if every page is encrypted with the same key and
>> initial state, information can be learned by building a table of first
>> blocks. If two pages have the same encryption, then an attacker knows
>> that those pages have common prologs. This isn't a known plaintext
>> attack, but an analysis of cryptotext. It doesn't do anything towards
>> breaking the key, only to extract "leaked" information.
> Here we are lucky, because in the beginning of every encrypted page only
> some meaningless pointers are placed, not user's information of any kind.

In that case encrypting something from page header seems to be bad idea.

--
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Encrypt some more
10.11.2015 9:57, Alex Peshkoff wrote:
> In that case encrypting something from page header seems to be bad idea.

For encryption algorithms that are vulnerable to known-plaintext attack - yes. Fortunately, AES is not one of them.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
08.11.2015 20:12, Jim Starkey wrote:
> Use the page number for the initialization vector.

It is also pointless.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
09.11.2015 18:00, Jim Starkey wrote:
> It matters because if every page is encrypted with the same key and
> initial state, information can be learned by building a table of first
> blocks. If two pages have the same encryption, then an attacker knows
> that those pages have common prologs. This isn't a known plaintext
> attack, but an analysis of cryptotext. It doesn't do anything towards
> breaking the key, only to extract "leaked" information.

Here we are lucky, because in the beginning of every encrypted page only some meaningless pointers are placed, not user's information of any kind.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
On 11/9/2015 11:15 AM, Dimitry Sibiryakov wrote:
> 09.11.2015 16:49, Jim Starkey wrote:
>> For CBC mode, the initialization vector is XORed into the first block of
>> plaintext. Without this (or something like it), the first 16 bytes of
>> every page would have the same encryption, allowing a mapping from
>> cryptotext to presumed plaintext, possibly leaking useful information.
> XORing of two known values (or doing whatever similar) won't add more
> problem for attacker because the result also will be a known plaintext.
> To make plaintext unknown, initialization vector also must be unknown.
> But all this doesn't matter as AES is considered to be practically
> invulnerable to known-plaintext attacks.

It matters because if every page is encrypted with the same key and initial state, information can be learned by building a table of first blocks. If two pages have the same encryption, then an attacker knows that those pages have common prologs. This isn't a known plaintext attack, but an analysis of cryptotext. It doesn't do anything towards breaking the key, only to extract "leaked" information.

Read about how Enigma and RC4 were broken. Each was the victim of sloppy crypto procedures, not plaintext attacks.
Re: [Firebird-devel] Encrypt some more
09.11.2015 16:49, Jim Starkey wrote:
> For CBC mode, the initialization vector is XORed into the first block of
> plaintext. Without this (or something like it), the first 16 bytes of
> every page would have the same encryption, allowing a mapping from
> cryptotext to presumed plaintext, possibly leaking useful information.

XORing of two known values (or doing whatever similar) won't add more problem for attacker because the result also will be a known plaintext. To make plaintext unknown, initialization vector also must be unknown.

But all this doesn't matter as AES is considered to be practically invulnerable to known-plaintext attacks.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
On 11/9/2015 7:37 AM, Dimitry Sibiryakov wrote:
> 08.11.2015 20:12, Jim Starkey wrote:
>> Use the page number for the initialization vector.
> It is also pointless.

For CBC mode, the initialization vector is XORed into the first block of plaintext. Without this (or something like it), the first 16 bytes of every page would have the same encryption, allowing a mapping from cryptotext to presumed plaintext, possibly leaking useful information.

A fundamental principle of cryptography is never encrypt predictable stuff the same way multiple times. Violation of this led to the cracking of both Enigma and WEP. It's very hard to obscure encryptions of various versions of the same page, but using the same initialization vector for every page is unnecessary and dumb.

But perhaps you have a more clever idea of how to construct a per-page initialization vector?
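Added example, not from this thread and not Firebird's crypt plugin: a Go program using the standard library's AES-128-CBC to contrast the two schemes discussed above, one IV for every page versus an IV derived from the page number, and to count the "table of first blocks" that a fixed IV hands to anyone reading the encrypted file. The 64-byte page layout, the shared prolog bytes, the little-endian IV derivation and the demo key are all constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// FixedIV is the scheme the thread warns against: the same IV for every page.
func FixedIV(_ uint32) []byte { return make([]byte, aes.BlockSize) }

// PageIV derives a per-page IV from the page number (assumed little-endian,
// zero-padded to the block size), as suggested above.
func PageIV(pageno uint32) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint32(iv, pageno)
	return iv
}

// MakePage builds a constructed 64-byte page: a 16-byte prolog shared by every
// page of one type (the "meaningless pointers"), then a body of at most 48 bytes.
func MakePage(pageType byte, body string) []byte {
	p := append([]byte{pageType}, "common-prolog!!"...)
	return append(p, fmt.Sprintf("%-48s", body)...)
}

// FirstBlockGroups encrypts every page with AES-128-CBC and counts distinct first
// ciphertext blocks; fewer groups than pages is the "table of first blocks" leak.
func FirstBlockGroups(key []byte, pages [][]byte, ivFor func(uint32) []byte) int {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // constructed demo: the key is fixed at 16 bytes
	}
	seen := map[string]bool{}
	for i, p := range pages {
		ct := make([]byte, len(p))
		cipher.NewCBCEncrypter(block, ivFor(uint32(i))).CryptBlocks(ct, p)
		seen[string(ct[:aes.BlockSize])] = true
	}
	return len(seen)
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key
	pages := [][]byte{MakePage(0x10, "page 0"), MakePage(0x20, "page 1"), MakePage(0x10, "page 2")}
	fmt.Println(FirstBlockGroups(key, pages, FixedIV), FirstBlockGroups(key, pages, PageIV)) // 2 3
}
```

With the fixed IV, pages 0 and 2 (same type, same prolog) produce identical first ciphertext blocks, so an observer learns they share a prolog without touching the key; with the page-number IV every first block is distinct.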
Re: [Firebird-devel] Encrypt some more
On Sunday, November 8, 2015, Dimitry Sibiryakov wrote:
> 08.11.2015 12:08, Vlad Khorsun wrote:
>
> Faster cryptoalgorithms are vulnerable to attack by known text. To make
> analysis harder, some random salt used to be appended in the beginning.

Really? Can you give an example of a fast modern cipher that is vulnerable? RC4 is vulnerable to related key combined with known text attacks, but that requires a remarkably stupid design to exploit. The fastest credible algorithm I'm aware of is AES with the "new instructions", which is not known to be vulnerable to known text attacks unless you have a couple of billions of years in which to carry them out.

Or have I missed something?

--
Jim Starkey
Re: [Firebird-devel] Encrypt some more
07.11.2015 16:54, Dimitry Sibiryakov wrote:
> 07.11.2015 15:49, Vlad Khorsun wrote:
>>> Is it too late to include most of page header into encrypted part of
>>> a page, leaving unencrypted only page type and flags?
>> For what? IIRC, pag_scn and pag_pageno is required for physical backup
>> to be not encrypted
>
> To make pag_reserved accessible to crypt plugin without tricks with
> negative offsets.
>
> Someone could use it for internal purposes (as salt for example).

Looks like you have questionable (or wrong) design in mind and going to force it to us. More details could help to understand you.

Regards,
Vlad
Re: [Firebird-devel] Encrypt some more
08.11.2015 12:08, Vlad Khorsun wrote:
> Looks like you have questionable (or wrong) design in mind and going to
> force it to us.

Nope. Since I have my playground named Avalerion, I have no will to force anything to you.

> More details could help to understand you.

Faster cryptoalgorithms are vulnerable to attack by known text. To make analysis harder, some random salt used to be appended in the beginning. Slower algorithms are... slower.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
On 11/8/2015 7:14 AM, Dimitry Sibiryakov wrote:
> 08.11.2015 12:34, James Starkey wrote:
>> Or have I missed something?
> RC4 is a stream cipher. For data pages it works much worse.
> Hardware-accelerated AES is an interesting idea, thanks.

You're absolutely right about stream ciphers for pages. RC4 and ChaCha20 are definitely no-nos. The best implementation that I've found in both license terms and simplicity is D.J. Bernstein's at https://github.com/floodyberry/supercop/tree/master/crypto_aead/aes128poetv1aes128/ni.

Keep in mind that you will need to use something other than ECB mode. People may quibble, but ECB is good enough for me, but if you're going to use UDP to a public disk server, you may want to rethink your choice of career.
Re: [Firebird-devel] Encrypt some more
08.11.2015 12:34, James Starkey wrote:
> Or have I missed something?

RC4 is a stream cipher. For data pages it works much worse.

Hardware-accelerated AES is an interesting idea, thanks.

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
On 11/8/2015 12:25 PM, Dimitry Sibiryakov wrote:
> 08.11.2015 17:18, Jim Starkey wrote:
>> Keep in mind that you will need to use something other than ECB mode.
> Sure. But still there is a problem with first block and initialization
> vector. That's why I would like to have some place for a random salt.
> But if everybody think that it is a stupid idea...

Use the page number for the initialization vector. A salt is used to defeat rainbow tables -- for symmetric ciphers it doesn't buy anything more than a decent key.
Re: [Firebird-devel] Encrypt some more
08.11.2015 17:18, Jim Starkey wrote:
> Keep in mind that you will need to use something other than ECB mode.

Sure. But still there is a problem with first block and initialization vector. That's why I would like to have some place for a random salt. But if everybody think that it is a stupid idea...

--
WBR, SD.
Re: [Firebird-devel] Encrypt some more
07.11.2015 14:57, Dimitry Sibiryakov wrote:
> Hello, All.
>
> Is it too late to include most of page header into encrypted part of a
> page, leaving unencrypted only page type and flags?

For what? IIRC, pag_scn and pag_pageno is required for physical backup to be not encrypted

Regards,
Vlad
Re: [Firebird-devel] Encrypt some more
07.11.2015 15:49, Vlad Khorsun wrote:
>> Is it too late to include most of page header into encrypted part of a
>> page, leaving unencrypted only page type and flags?
> For what? IIRC, pag_scn and pag_pageno is required for physical backup
> to be not encrypted

To make pag_reserved accessible to crypt plugin without tricks with negative offsets.

Someone could use it for internal purposes (as salt for example).

--
WBR, SD.