The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:ocfb

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
pgpfan:ocfb [2022/05/20 23:41] – created b.walzerpgpfan:ocfb [2022/12/27 22:56] (current) – More truth. b.walzer
Line 7: Line 7:
 {{cfb.svg}} {{cfb.svg}}
  
-The "Unique Value" here is a value (usually just random) that makes the message unique, even if you have encrypted the same message in the past. The fact that you are sending the same or similar messages is a type of information leak.+The "Unique Value" here is a value (usually just random) that makes the message unique, even if you have encrypted the same message in the past encrypted with the same key. The fact that you are sending the same or similar messages is a type of information leak.
  
 The problem here is that the unique value is required to decrypt the message. So it has to be passed along with the message and can't be encrypted. So an attacker knows what it is and can change it to whatever they want. This allows them to, say, quietly chop off the start of the message without penalty. The problem here is that the unique value is required to decrypt the message. So it has to be passed along with the message and can't be encrypted. So an attacker knows what it is and can change it to whatever they want. This allows them to, say, quietly chop off the start of the message without penalty.
  
-This is (again roughly) how OpenPGP starts up cipher feedback:+This is (roughly) how OpenPGP starts up cipher feedback:
  
 {{ocfb.svg}} {{ocfb.svg}}
  
-Now we have a fixed value of zero where the unique value used to be. So the attacker no longer has any ability to modify it. The result of encrypting a zero value produces an unpredictable value based on the key the attacker does not know. That value is combined with the unique value (that the attacker also doesn'know) and is encrypted. This encrypted value now becomes the start of the message (it is thrown away after decryption). This scheme provides the benefit of the conventional method while providing the attacker no useful information. Attempts to, say, chop off the start of the message will result in the traditional cipher feedback penalty.+Now we have a fixed value of zero where the unique value used to be. So the attacker no longer has any ability to modify it. The result of encrypting a zero value produces an unpredictable value based on the key the attacker does not know. That value is combined with the unique value (that must be random in this case so that the attacker can'guess it) and becomes the start of the message (it is thrown away after decryption). This scheme provides the benefit of the conventional method while providing the attacker no useful information. Attempts to, say, chop off the start of the message will result in the traditional cipher feedback penalty.
  
 This OpenPGP cipher feedback (OCFB) scheme works very well in combination with the OpenPGP [[pgpfan:mdc|Modification Detection Code]]. This OpenPGP cipher feedback (OCFB) scheme works very well in combination with the OpenPGP [[pgpfan:mdc|Modification Detection Code]].
  
pgpfan/ocfb.1653090100.txt.gz · Last modified: 2022/05/20 23:41 by b.walzer