The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:cipherfeedback

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
pgpfan:cipherfeedback [2021/07/29 14:46] – At least one example... b.walzerpgpfan:cipherfeedback [2021/12/17 12:55] – Failed to show what was being made into a TLA. b.walzer
Line 1: Line 1:
 ======Cipher Feedback; a Paean====== ======Cipher Feedback; a Paean======
  
-A method called cipher feedback (CFB) is used in OpenPGP to prevent data leakage and modification. It seems appropriate here to discuss the advantages of this method.+A method called cipher feedback (CFB) is used in OpenPGP to prevent data leakage and make modification more difficult. It seems appropriate here to discuss the advantages of this method.
  
 OpenPGP, like most other systems, uses a something called a block cipher to encrypt things. You start with a fixed block of data (usually 16 bytes), run it through the block cipher encryption function, and end up with an encrypted block of data of the same length. To get back the original data you run the encrypted block through the block cipher decryption function. OpenPGP, like most other systems, uses a something called a block cipher to encrypt things. You start with a fixed block of data (usually 16 bytes), run it through the block cipher encryption function, and end up with an encrypted block of data of the same length. To get back the original data you run the encrypted block through the block cipher decryption function.
Line 9: Line 9:
 If an attacker has some idea what is encrypted in the blocks they might be able to shuffle/duplicate/delete them in a way that might mislead you after they are decrypted. Because all the blocks with the same data will encrypt to the same value, an attacker might be able to see patterns that might give them some idea of what that data is. If an attacker has some idea what is encrypted in the blocks they might be able to shuffle/duplicate/delete them in a way that might mislead you after they are decrypted. Because all the blocks with the same data will encrypt to the same value, an attacker might be able to see patterns that might give them some idea of what that data is.
  
-CFB (the thing that OpenPGP does) is a method that overcomes these shortcomings. Instead of encrypting the block you instead encrypt the last encrypted value, add the block in, and use this as the next encrypted value. Very simple.+Cipher Feedback (CFB(the thing that OpenPGP does) is a method that overcomes these shortcomings. Instead of encrypting the block you instead encrypt the last encrypted value, add the block in, and use this as the next encrypted value. Very simple.
  
 Patterns in the encrypted output are eliminated. Since CFB uses the popular technique of adding in the block to make the encrypted value it is possible to flip bits in the eventual unencrypted output. CFB imposes a cost to such modification however. Even a single bit flipped in a block will result in the entire next block coming out as random garbage. Attempts to shuffle/duplicate/delete the blocks will cause such random garbage at the edges of the modified areas. Attacks must work around this garbage and the corresponding lost data. As a result such attacks are significantly more difficult. Patterns in the encrypted output are eliminated. Since CFB uses the popular technique of adding in the block to make the encrypted value it is possible to flip bits in the eventual unencrypted output. CFB imposes a cost to such modification however. Even a single bit flipped in a block will result in the entire next block coming out as random garbage. Attempts to shuffle/duplicate/delete the blocks will cause such random garbage at the edges of the modified areas. Attacks must work around this garbage and the corresponding lost data. As a result such attacks are significantly more difficult.
Line 25: Line 25:
 OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare. A broken check might not be noticed for a long time. OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare. A broken check might not be noticed for a long time.
  
-The [[https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|EFAIL]] venerability is an excellent example of this. It involved the modification of OpenPGP formatted messages. It turned out that some email clients were sending these modified messages to an an interpreter that leaked data (HTML) after decrypting them. The clients in question were ignoring the OpenPGP provided modification check ([[pgpfan:mdc)|MDC]]). CFB contributed significantly to the difficulty and impracticality of the attack.+The [[https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|EFAIL]] vunerability is an excellent example of this. It involved the modification of OpenPGP formatted messages. It turned out that some email clients were sending these modified messages to an an interpreter that leaked data (HTML) after decrypting them. The clients in question were ignoring the OpenPGP provided modification check ([[pgpfan:mdc)|MDC]]). CFB contributed significantly to the difficulty and impracticality of the attack.
  
pgpfan/cipherfeedback.txt · Last modified: 2022/05/09 17:05 by b.walzer