pgpfan:cipherfeedback
pgpfan:cipherfeedback [2021/07/28 20:02] – created b.walzer | pgpfan:cipherfeedback [2022/05/09 17:05] (current) – Clearer b.walzer | ||
Line 1: | Line 1: | ||
======Cipher Feedback; a Paean====== | ======Cipher Feedback; a Paean====== | ||
- | A method called cipher feedback (CFB) is used in OpenPGP to prevent data leakage and modification. It seems appropriate here to discuss the advantages of this method. | + | A method called cipher feedback (CFB) is used in OpenPGP to prevent data leakage and make modification |
OpenPGP, like most other systems, uses a something called a block cipher to encrypt things. You start with a fixed block of data (usually 16 bytes), run it through the block cipher encryption function, and end up with an encrypted block of data of the same length. To get back the original data you run the encrypted block through the block cipher decryption function. | OpenPGP, like most other systems, uses a something called a block cipher to encrypt things. You start with a fixed block of data (usually 16 bytes), run it through the block cipher encryption function, and end up with an encrypted block of data of the same length. To get back the original data you run the encrypted block through the block cipher decryption function. | ||
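Review bot: the unchanged context sentence in this hunk still reads "uses a something called a block cipher"; since this revision already rewords the opening sentence of the page, drop the stray "a" here as well so the hunk does not leave a known typo behind.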
Line 9: | Line 9: | ||
If an attacker has some idea what is encrypted in the blocks they might be able to shuffle/ | If an attacker has some idea what is encrypted in the blocks they might be able to shuffle/ | ||
- | CFB (the thing that OpenPGP does) is a method that overcomes these shortcomings. Instead of encrypting the block you instead encrypt the last encrypted value, add the block in, and use this as the next encrypted value. Very simple. | + | Cipher Feedback (CFB) (the thing that OpenPGP does) is a method that overcomes these shortcomings. Instead of encrypting the block you instead encrypt the last encrypted value, add the block in, and use this as the next encrypted value. Very simple. |
- | Patterns in the encrypted output are eliminated. Since CFB uses the popular technique of adding in the block to make the encrypted | + | Patterns in the encrypted output are eliminated. Since CFB uses the popular technique of adding in the unencrypted |
+ | |||
+ | {{cfb_damage.svg}} | ||
+ | |||
+ | |||
+ | Attacks must work around | ||
CFB has some desirable secondary characteristics: | CFB has some desirable secondary characteristics: | ||
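Review bot: "add the block in" (carried over unchanged into the new "Cipher Feedback (CFB)" sentence) and "adding in the unencrypted" are ambiguous; the feedback step is a bitwise XOR of the plaintext block with the encrypted previous ciphertext block, so say XOR rather than "add" to keep readers from taking it as arithmetic addition. The expansion "Cipher Feedback (CFB)" also repeats the one the opening sentence already gives, and the new {{cfb_damage.svg}} is inserted with no caption stating which blocks the figure shows as damaged.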
Line 17: | Line 22: | ||
CFB uses the encryption function for both encryption and decryption(([[wp> | CFB uses the encryption function for both encryption and decryption(([[wp> | ||
- | CFB is self synchronizing. Corrupt or missing blocks will cause the next block to be random garbage but the following and subsequent data will be decrypted properly. This is consistent with the principle that encryption should not destroy | + | CFB is self synchronizing. Corrupt or missing blocks will cause the next block to be random garbage but the following and subsequent data will be decrypted properly. This is consistent with the principle that encryption should not prevent |
CFB requires no extra complication when the data does not completely fill the last block. It just works. | CFB requires no extra complication when the data does not completely fill the last block. It just works. | ||
- | The protection provided by CFB is intrinsic. It becomes an essential part of the protocol. If it is implemented incorrectly it will not interoperate with correct implementations. Contrast this with schemes that only check for modification and do nothing to prevent it in the first place. | + | CFB decryption can be done in parallel. You can take separate sections of an encrypted message/ |
+ | |||
+ | The protection provided by CFB is intrinsic. It becomes an essential part of the protocol. If it is implemented incorrectly it will not interoperate with correct implementations. Contrast this with schemes that only check for modification and do nothing to prevent it in the first place((The popular [[wp> | ||
- | OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare and a false indication of unmodified data could easily | + | OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare. A broken check might not be noticed for a long time. |
- | The [[https:// | + | The [[https:// |
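Review bot: the self synchronizing paragraph says a corrupt block makes "the next block" garbage, but a corrupted ciphertext block also damages its own plaintext block: that block is recovered by XORing the ciphertext block with the encrypted previous block, so each flipped ciphertext bit flips the same bit of that block's plaintext, while the following block comes out as random garbage; say "the affected block and the one after it". The new parallel-decryption paragraph is consistent with this (each block needs only itself and the previous ciphertext block), and "self synchronizing" should be hyphenated as "self-synchronizing".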
pgpfan/cipherfeedback.1627502535.txt.gz · Last modified: 2021/07/28 20:02 by b.walzer