
I'm currently trying to learn some stuff about encryption, its algorithms and how it works in general. I was thinking about a way to go for encrypting large files, and the only way feasible to me seems using a symmetric key algorithm.

So I was looking at AES, and while passing 64k or 32k blocks of bytes to an AES object that you create using a hash of the password seems OK, I'm still curious as to the safest way to do this, as I keep reading that cryptography is very easy to mess up.

So I get a passphrase, I get its SHA256 checksum, I use that for a key when creating my encrypt/decrypt object.

Other things I couldn't find an answer for: should I use an IV? If so, I have to make sure the object uses the same IV on decryption that it used on encryption... how do I do that?

Why did I see someone around here say that you should pad the last block of the file even if the number of bytes is divisible by 16?

What type of encryption mode should best be used?

Could you recommend any other resources to go about for learning more about security/cryptography?

Thank you in advance

omu_negru
2 Answers


To look at some of your questions.

Use CTR mode or CBC mode for most purposes. If you need built-in authentication, use Galois Counter Mode (GCM). Otherwise use a separate HMAC for authentication, with a different key.

An IV is needed with all three suggested modes, though in CTR mode it is sometimes called a nonce instead. It can be sent in the clear, and is usually prepended to the cyphertext.

Padding should always be used. Select PKCS7 or PKCS5, they are effectively the same.

For learning about Cryptography, I would suggest 'Practical Cryptography' by Ferguson and Schneier. I understand that there is an updated version, called 'Cryptography Engineering', which I have not read.

rossum
  1. Don't use a direct hash of the passphrase, but use (or create) a KDF.
  2. You definitely should use an IV. You can store it as the first block of your file.
  3. I would personally probably use AES_MODE.CTR. See Wikipedia for why, and Alex Martelli's answer to this old question for how.
Kimvais
  • Do you mean store a non-encrypted version of the IV inside the encrypted file? – omu_negru Apr 03 '12 at 08:34
  • I think I read in Cryptography Engineering that CBC mode is still more robust/resistant to abuse (repeating the IV) as opposed to CTR mode, where repeating the IV/nonce can have more serious consequences. – omu_negru May 10 '12 at 13:57
  • @omu_negru That was mostly a reaction to the series of broken RNGs that were discovered around the time that Cryptography Engineering was published. With CBC mode, the IV used for each block of ciphertext needs to be unpredictable, or you're vulnerable to a chosen-plaintext fingerprinting attack, and it's harder to encapsulate workarounds for that into a crypto layer. CTR mode is simpler to use, as long as you really don't repeat the nonce. The first edition of the book (under the title, "Practical Cryptography") recommended CTR mode, and it's probably still the better choice. – dlitz Aug 10 '12 at 21:26
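The pattern both answers describe (a KDF instead of a bare SHA-256 of the passphrase, a fresh random nonce stored at the front of the file, CTR mode so no padding is needed, and a separate HMAC key with the tag checked before anything is decrypted), as an added example in Python that is not code from any of the posters; it assumes the `cryptography` package for AES, and the PBKDF2 iteration count is an assumed value.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SALT_LEN = NONCE_LEN = 16   # bytes; the CTR nonce is one AES block
TAG_LEN = 32                # HMAC-SHA256 output length
ITERATIONS = 200_000        # PBKDF2 work factor (assumed value; raise it if affordable)


def derive_keys(passphrase: bytes, salt: bytes):
    """Stretch the passphrase with PBKDF2-HMAC-SHA256 (not a bare hash) and
    split the 64-byte result into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def encrypt(passphrase: bytes, plaintext: bytes) -> bytes:
    """File layout: salt || nonce || AES-CTR ciphertext || HMAC-SHA256 tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)  # fresh for every file
    enc_key, mac_key = derive_keys(passphrase, salt)
    encryptor = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).encryptor()
    ciphertext = encryptor.update(plaintext) + encryptor.finalize()  # CTR needs no padding
    header = salt + nonce                       # stored in the clear, as the answers say
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return header + ciphertext + tag


def decrypt(passphrase: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time first; only then decrypt.
    Raises ValueError on a wrong passphrase or a modified file."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong passphrase or tampered data")
    decryptor = Cipher(algorithms.AES(enc_key), modes.CTR(nonce)).decryptor()
    return decryptor.update(body[SALT_LEN + NONCE_LEN:]) + decryptor.finalize()
```

Because the salt and nonce are drawn fresh each time, encrypting the same data twice with the same passphrase yields different output, which is exactly the nonce-reuse hazard dlitz's comment warns about being avoided.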