Re: [Firebird-devel] Encrypt some more

2015-11-10 Thread Alex Peshkoff
On 11/09/2015 08:05 PM, Dimitry Sibiryakov wrote:
> 09.11.2015 18:00, Jim Starkey wrote:
>> It matters because if every page is encrypted with the same key and
>> initial state, information can be learned by building a table of first
>> blocks.  If two pages have the same encryption, then an attacker knows
>> that those pages have common prologs.  This isn't a known plaintext
>> attack, but an analysis of cryptotext.  It doesn't do anything towards
>> breaking the key, only to extract "leaked" information.
> Here we are lucky, because in the beginning of every encrypted page only
> some meaningless pointers are placed, not user's information of any kind.
>

In that case encrypting something from the page header seems to be a bad idea.


--
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel


Re: [Firebird-devel] Encrypt some more

2015-11-10 Thread Dimitry Sibiryakov
10.11.2015 9:57, Alex Peshkoff wrote:
> In that case encrypting something from the page header seems to be a bad idea.

   For encryption algorithms that are vulnerable to known-plaintext attacks, yes.
Fortunately, AES is not one of them.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-09 Thread Dimitry Sibiryakov
08.11.2015 20:12, Jim Starkey wrote:
> Use the page number for the initialization vector.

   It is also pointless.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-09 Thread Dimitry Sibiryakov
09.11.2015 18:00, Jim Starkey wrote:
> It matters because if every page is encrypted with the same key and
> initial state, information can be learned by building a table of first
> blocks.  If two pages have the same encryption, then an attacker knows
> that those pages have common prologs.  This isn't a known plaintext
> attack, but an analysis of cryptotext.  It doesn't do anything towards
> breaking the key, only to extract "leaked" information.

   Here we are lucky, because in the beginning of every encrypted page only
some meaningless pointers are placed, not user's information of any kind.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-09 Thread Jim Starkey
On 11/9/2015 11:15 AM, Dimitry Sibiryakov wrote:
> 09.11.2015 16:49, Jim Starkey wrote:
>> For CBC mode, the initialization vector is XORed into the first block of
>> plaintext.  Without this (or something like it), the first 16 bytes of
>> every page would have the same encryption, allowing a mapping from
>> cryptotext to presumed plaintext, possibly leaking useful information.
> XORing two known values (or doing anything similar) won't add more
> problems for the attacker because the result will also be a known
> plaintext. To make the plaintext unknown, the initialization vector must
> also be unknown.
> But all this doesn't matter as AES is considered to be practically
> invulnerable to known-plaintext attacks.
>
It matters because if every page is encrypted with the same key and 
initial state, information can be learned by building a table of first 
blocks.  If two pages have the same encryption, then an attacker knows 
that those pages have common prologs.  This isn't a known plaintext 
attack, but an analysis of cryptotext.  It doesn't do anything towards 
breaking the key, only to extract "leaked" information.

Read about how Enigma and RC4 were broken.  Each was the victim of 
sloppy crypto procedures, not plaintext attacks.




Re: [Firebird-devel] Encrypt some more

2015-11-09 Thread Dimitry Sibiryakov
09.11.2015 16:49, Jim Starkey wrote:
> For CBC mode, the initialization vector is XORed into the first block of
> plaintext.  Without this (or something like it), the first 16 bytes of
> every page would have the same encryption, allowing a mapping from
> cryptotext to presumed plaintext, possibly leaking useful information.

   XORing two known values (or doing anything similar) won't add more
problems for the attacker because the result will also be a known plaintext.
To make the plaintext unknown, the initialization vector must also be unknown.
   But all this doesn't matter as AES is considered to be practically
invulnerable to known-plaintext attacks.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-09 Thread Jim Starkey
On 11/9/2015 7:37 AM, Dimitry Sibiryakov wrote:
> 08.11.2015 20:12, Jim Starkey wrote:
>> Use the page number for the initialization vector.
> It is also pointless.

For CBC mode, the initialization vector is XORed into the first block of 
plaintext.  Without this (or something like it), the first 16 bytes of 
every page would have the same encryption, allowing a mapping from 
cryptotext to presumed plaintext, possibly leaking useful information.

A fundamental principle of cryptography is never encrypt predictable 
stuff the same way multiple times.  Violation of this led to the 
cracking of both Enigma and WEP.

It's very hard to obscure encryptions of various versions of the same 
page, but using the same initialization vector for every page is 
unnecessary and dumb.

But perhaps you have a more clever idea of how to construct a per-page 
initialization vector?
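As an added illustration (not code from this thread or from Firebird), the Go program below encrypts two constructed 64-byte pages that share a 16-byte prologue with AES-128-CBC and compares their first ciphertext blocks under a fixed IV, under page-number IVs as suggested above, and for two versions of one page under the same page-number IV; the key, the page layout and the IV encoding are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed demo key (not a Firebird key) and the fixed IV the thread warns against.
var demoKey = []byte("0123456789abcdef")
var fixedIV = make([]byte, aes.BlockSize)
// pageIV derives the IV from the page number, as suggested in the thread.
func pageIV(pageno uint32) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint32(iv, pageno)
	return iv
}

// encryptPage encrypts a whole page (a multiple of 16 bytes) with AES-128-CBC.
func encryptPage(key, iv, page []byte) []byte {
	block, _ := aes.NewCipher(key) // a 16-byte key is always accepted
	out := make([]byte, len(page))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, page)
	return out
}
// makePage: a constructed 64-byte page whose first 16 bytes (the "header pointers")
// are identical for every page, followed by page-specific filler.
func makePage(filler byte) []byte {
	page := bytes.Repeat([]byte{filler}, 64)
	copy(page, "common-prologue!")
	return page
}

// firstBlocksEqual is the comparison an attacker's "table of first blocks" makes.
func firstBlocksEqual(a, b []byte) bool {
	return bytes.Equal(a[:aes.BlockSize], b[:aes.BlockSize])
}
// leakReport: first-block collisions for two pages under a fixed IV, under page-number
// IVs, and for two versions of the same page under its unchanged page-number IV.
func leakReport() (fixedIVLeak, pageIVLeak, versionLeak bool) {
	p1, p2, p1v2 := makePage(0xAA), makePage(0xBB), makePage(0xCC)
	fixedIVLeak = firstBlocksEqual(encryptPage(demoKey, fixedIV, p1), encryptPage(demoKey, fixedIV, p2))
	pageIVLeak = firstBlocksEqual(encryptPage(demoKey, pageIV(1), p1), encryptPage(demoKey, pageIV(2), p2))
	versionLeak = firstBlocksEqual(encryptPage(demoKey, pageIV(1), p1), encryptPage(demoKey, pageIV(1), p1v2))
	return
}

func main() { fmt.Println(leakReport()) } // true false true
```

The third result is the caveat raised in the thread: a page-number IV separates different pages, but successive versions of one page still share their first ciphertext block whenever the prologue is unchanged.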




Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread James Starkey
On Sunday, November 8, 2015, Dimitry Sibiryakov wrote:

> 08.11.2015 12:08, Vlad Khorsun wrote:
> .
>
> Faster cryptoalgorithms are vulnerable to attack by known text. To make
> analysis harder, some random salt is usually added at the beginning.
>

Really?  Can you give an example of a fast modern cipher that is
vulnerable?  RC4 is vulnerable to related-key attacks combined with known
text, but that requires a remarkably stupid design to exploit.

The fastest credible algorithm I'm aware of is AES with the "new
instructions", which is not known to be vulnerable to known text attacks
unless you have a couple of billion years in which to carry them out.

Or have I missed something?


-- 
Jim Starkey


Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Vlad Khorsun
07.11.2015 16:54, Dimitry Sibiryakov wrote:
> 07.11.2015 15:49, Vlad Khorsun wrote:
>>> Is it too late to include most of the page header into the encrypted part
>>> of a page, leaving unencrypted only page type and flags?
>> For what? IIRC, pag_scn and pag_pageno are required to be unencrypted for
>> physical backup
>
> To make pag_reserved accessible to the crypt plugin without tricks with
> negative offsets.
> Someone could use it for internal purposes (as salt for example).

   Looks like you have a questionable (or wrong) design in mind and are going to
force it on us.
More details could help to understand you.


Regards,
Vlad



Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 12:08, Vlad Khorsun wrote:
> Looks like you have a questionable (or wrong) design in mind and are going to
> force it on us.

   Nope. Since I have my playground named Avalerion, I have no will to force
anything on you.

> More details could help to understand you.

   Faster cryptoalgorithms are vulnerable to attack by known text. To make
analysis harder, some random salt is usually added at the beginning.
   Slower algorithms are... slower.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Jim Starkey
On 11/8/2015 7:14 AM, Dimitry Sibiryakov wrote:
> 08.11.2015 12:34, James Starkey wrote:
>> Or have I missed something?
> RC4 is a stream cipher. For data pages it works much worse.
> Hardware-accelerated AES is an interesting idea, thanks.
>
You're absolutely right about stream ciphers for pages.  RC4 and 
ChaCha20 are definitely no-nos.

The best implementation that I've found in both license terms and 
simplicity is D.J. Bernstein's at 
https://github.com/floodyberry/supercop/tree/master/crypto_aead/aes128poetv1aes128/ni.

Keep in mind that you will need to use something other than ECB mode.  
People may quibble, but ECB is good enough for me, but if you're going 
to use UDP to a public disk server, you may want to rethink your choice 
of career.






Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 12:34, James Starkey wrote:
> Or have I missed something?

   RC4 is a stream cipher. For data pages it works much worse.
   Hardware-accelerated AES is an interesting idea, thanks.

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Jim Starkey
On 11/8/2015 12:25 PM, Dimitry Sibiryakov wrote:
> 08.11.2015 17:18, Jim Starkey wrote:
>> Keep in mind that you will need to use something other than ECB mode.
> Sure. But still there is a problem with the first block and initialization
> vector. That's why I would like to have some place for a random salt. But if
> everybody thinks that it is a stupid idea...
>

Use the page number for the initialization vector.  A salt is used to 
defeat rainbow tables -- for symmetric ciphers it doesn't buy anything 
more than a decent key.



Re: [Firebird-devel] Encrypt some more

2015-11-08 Thread Dimitry Sibiryakov
08.11.2015 17:18, Jim Starkey wrote:
> Keep in mind that you will need to use something other than ECB mode.

   Sure. But still there is a problem with the first block and initialization
vector. That's why I would like to have some place for a random salt. But if
everybody thinks that it is a stupid idea...

-- 
   WBR, SD.



Re: [Firebird-devel] Encrypt some more

2015-11-07 Thread Vlad Khorsun
07.11.2015 14:57, Dimitry Sibiryakov wrote:
> Hello, All.
>
> Is it too late to include most of the page header into the encrypted part of
> a page, leaving unencrypted only page type and flags?

   For what? IIRC, pag_scn and pag_pageno are required to be unencrypted for
physical backup

Regards,
Vlad




Re: [Firebird-devel] Encrypt some more

2015-11-07 Thread Dimitry Sibiryakov
07.11.2015 15:49, Vlad Khorsun wrote:
>> Is it too late to include most of the page header into the encrypted part of
>> a page, leaving unencrypted only page type and flags?
> For what? IIRC, pag_scn and pag_pageno are required to be unencrypted for
> physical backup

   To make pag_reserved accessible to the crypt plugin without tricks with
negative offsets.
Someone could use it for internal purposes (as salt for example).

-- 
   WBR, SD.
