
I was reading a tutorial on how to salt a key to make your encryption secure, but couldn't make much of it. I don't know a lot about cryptography, and need some help. I am using CommonCrypto to encrypt files, and am done, except for the fact that it isn't secure... The ciphertext must not be the same when the user encrypts the same exact file with the same exact key twice.

This is what I have:

#import <CommonCrypto/CommonCryptor.h>

- (NSData *)AES256EncryptWithKey:(NSString *)key
{
   // 'key' should be 32 bytes for AES256, will be null-padded otherwise
   char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused)
   bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)

   NSLog(@"You are encrypting something...");

   // fetch key data
   [key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];

   NSUInteger dataLength = [self length];

   //See the doc: For block ciphers, the output size will always be less than or
   //equal to the input size plus the size of one block.
   //That's why we need to add the size of one block here
   size_t bufferSize = dataLength + kCCBlockSizeAES128;
   void *buffer = malloc( bufferSize );

   size_t numBytesEncrypted = 0;
   CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                  keyPtr, kCCKeySizeAES256,
                                  NULL /* initialization vector (optional) */,
                                  [self bytes], dataLength, /* input */
                                  buffer, bufferSize, /* output */
                                  &numBytesEncrypted );
   if( cryptStatus == kCCSuccess )
   {
      //the returned NSData takes ownership of the buffer and will free it on deallocation
      return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
   }

   free( buffer ); //free the buffer
   return nil;
}

If someone can help me out, and show me exactly how I would implement salt, that would be great! Thanks again!

  • Salting will require you to do something with it, append it to the password before hashing, or XOR with the SALT before or after encoding, you get to decide what to do with it and how to store or... salting is only part of a comprehensive security plan, and may or may not be necessary for your needs. – Grady Player Sep 19 '11 at 00:33

1 Answer

First, what you are looking for here is called an initialization vector or IV. Salts are used with hashes, not ciphers. Note that both IVs and salts are specific examples of a nonce.

Now that we have terminology out of the way, what you'll want to do is use a different cipher mode. Currently you're using what's known as ECB - "electronic code book". As you have noted, it has the disadvantage that encrypting the same plaintext twice results in the same ciphertext, making it possible to reverse if the attacker can guess a potential plaintext.

There are a number of alternate cipher modes that fix this - one of the most popular ones is CBC - "cipher block chaining". Essentially, you insert a random block (the IV) at the start; then for each block, XOR the previous ciphertext block (the IV, for the first block) with the plaintext block before passing it through the cipher.

bdonlan
  • Thank you for all this information. I was wondering, because I'm not really familiar with these security parameters how I would go about writing this? Would you be able to provide an example? –  Sep 19 '11 at 00:45
  • @TwoDumpling, no offense, but security is really hard to get right. It's very common to have subtle bugs such that everything _seems_ to work, but you have no real security. If you can't read what I just wrote and implement it you're not qualified to write cryptographic code. I would recommend you just find a good library that does it for you - but that would be another question. – bdonlan Sep 19 '11 at 00:47
  • I agree, which is why I haven't written my own cryptography code. I am using a popular open source NSData class I found online. Also, I haven't taken a look at the links yet, so let's not jump to conclusions just yet. –  Sep 19 '11 at 00:51
  • Quick question, I was wondering, are salts implemented the same way IVs are, except you append the salt to the key? Also are there any good cocoa encryption libraries that utilize salts? Thanks!! –  Oct 11 '11 at 16:10
  • @TwoDumpling, salts are something completely different. http://stackoverflow.com/questions/420843/how-does-password-salt-help-against-a-rainbow-table-attack – bdonlan Oct 11 '11 at 16:47
  • Yes, of course they are different, but is the implementation of them the same? Like data AES256EncryptWithKey:key salt:salt -> where the salt is some randomly generated data. –  Oct 11 '11 at 17:12
  • No, I mean they're _completely_ different. Unrelated. Don't even think of them the same way. Read the question I linked. – bdonlan Oct 11 '11 at 18:19
  • Yes I know they are completely different. I'll read the question. Thanks –  Oct 11 '11 at 20:11
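
The random-IV approach from the answer, as an added example that is not part of the original thread or of the NSData category the asker used: each call draws a fresh IV and stores it in front of the ciphertext, so encrypting the same file with the same key twice gives different output. The category and method names are hypothetical, and the key is assumed to be 32 raw bytes rather than a null-padded string.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>

// Hypothetical category; not the NSData class from the question.
@interface NSData (AESCBCExample)
- (NSData *)AES256CBCEncryptWithKeyData:(NSData *)key;
- (NSData *)AES256CBCDecryptWithKeyData:(NSData *)key;
@end

@implementation NSData (AESCBCExample)
// Returns IV || ciphertext, or nil on failure. 'key' must be exactly 32 bytes.
- (NSData *)AES256CBCEncryptWithKeyData:(NSData *)key
{
    if (key.length != kCCKeySizeAES256) return nil;
    // Layout: 16-byte IV, then up to input length + one block of ciphertext.
    NSMutableData *out = [NSMutableData dataWithLength:self.length + 2 * kCCBlockSizeAES128];
    uint8_t *buf = out.mutableBytes;
    // Fresh random IV per call; it is not secret and travels with the ciphertext.
    if (SecRandomCopyBytes(kSecRandomDefault, kCCBlockSizeAES128, buf) != errSecSuccess) return nil;

    size_t written = 0;
    // Without kCCOptionECBMode, CCCrypt uses CBC; a NULL IV would mean all zeroes.
    CCCryptorStatus status = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                     key.bytes, key.length, buf /* IV */,
                                     self.bytes, self.length,
                                     buf + kCCBlockSizeAES128, out.length - kCCBlockSizeAES128,
                                     &written);
    if (status != kCCSuccess) return nil;
    out.length = kCCBlockSizeAES128 + written;
    return out;
}

// Expects the IV || ciphertext layout produced above.
- (NSData *)AES256CBCDecryptWithKeyData:(NSData *)key
{
    if (key.length != kCCKeySizeAES256 || self.length < 2 * kCCBlockSizeAES128) return nil;
    const uint8_t *bytes = self.bytes;
    NSMutableData *plain = [NSMutableData dataWithLength:self.length - kCCBlockSizeAES128];
    size_t written = 0;
    CCCryptorStatus status = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                     key.bytes, key.length, bytes /* IV */,
                                     bytes + kCCBlockSizeAES128, self.length - kCCBlockSizeAES128,
                                     plain.mutableBytes, plain.length, &written);
    if (status != kCCSuccess) return nil;
    plain.length = written;
    return plain;
}
@end
```

CBC with a random IV hides repeated plaintexts but does not detect tampering; if the files can be modified by someone else, authenticate the IV and ciphertext as well, for example with an HMAC under a separate key.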