pgpfan:mdc
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| pgpfan:mdc [2023/12/11 13:30] – Structure, we have to directly address the 16 bits of security thing b.walzer | pgpfan:mdc [2024/06/29 21:25] (current) – The technical article now exists. b.walzer | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ======The OpenPGP Modification Detection Code is Actually Good====== | ======The OpenPGP Modification Detection Code is Actually Good====== | ||
| + | |||
| + | //A more detailed (and technical) article covering the same ground as this one exists: [[pgpfan: | ||
| I once worked for a company that had a strange and intriguing dilemma. They had a popular Product. Marketing determined that the popularity was due to the fact that the Product lasted significantly longer than competing products. No one in the company had the faintest idea why that was the case. The design did not differ in any obvious way from the design used by the competition. While I was there, an engineering project was initiated with the hope of understanding why the Product was better. I left the company before any definite result. For all I know the mystery still remains. | I once worked for a company that had a strange and intriguing dilemma. They had a popular Product. Marketing determined that the popularity was due to the fact that the Product lasted significantly longer than competing products. No one in the company had the faintest idea why that was the case. The design did not differ in any obvious way from the design used by the competition. While I was there, an engineering project was initiated with the hope of understanding why the Product was better. I left the company before any definite result. For all I know the mystery still remains. | ||
| Line 61: | Line 63: | ||
| The MDC is secure and is well suited to the sort of offline encryption that the OpenPGP standard embodies. [[pgpfan: | The MDC is secure and is well suited to the sort of offline encryption that the OpenPGP standard embodies. [[pgpfan: | ||
| - | |||
| - | =====A Less Intuitive, More Technical Explanation===== | ||
| - | |||
| - | OCFB-MDC is a case of hash then encrypt. The cipher block mode is the modified version of cipher feedback used by OpenPGP (OCFB). The modification is | ||
| - | the addition of a prefix block consisting of random data. The traditional CFB initialization vector (IV) is replaced by the encryption of a block of zeros. | ||
| - | This serves to prevent an attacker from being able to get access to either the IV or the plaintext value of the random data prefix block. | ||
| - | |||
| - | The modification detection code (MDC) is a SHA1 hash of the random data prefix block and the plaintext message. The inclusion of the random data makes the | ||
| - | MDC unpredictable and prevents known plaintext based modification. It has been argued that making the hash unavailable to the attacker in this way is a requirement for a secure construct of this type(([[https:// | ||
| - | |||
| - | OCFB-MDC is immune to the classic attacks against hash then encrypt that involve getting the victim to encrypt an attack message that is later truncated to | ||
| - | produce a second valid message. | ||
| =====References===== | =====References===== | ||
pgpfan/mdc.1702301459.txt.gz · Last modified: 2023/12/11 13:30 by b.walzer