$ openssl enc -des-ecb -d -in ciphertext.bin -out received2.txt -iv a499056833bb3ac1 -K 001e53e887ee55f2 -nopad I've changed the last hexadecimal digit of the key from "1" to "2". Now lets try and decrypt again, but this time using the wrong key. rw-r-r- 1 sgordon sgordon 72 Nov 11 16:43 received.txt Of course, it matches the original plaintext message. $ openssl enc -des-ecb -d -in ciphertext.bin -out received.txt -iv a499056833bb3ac1 -K 001e53e887ee55f1 -nopadĪnd look at the decrypted value. rw-r-r- 1 sgordon sgordon 72 Nov 11 16:42 ciphertext.bin Another mode of operation, like CBC, should be used. This is insecure (especially for long plaintext). Since ECB is used, repetitions in input plaintext blocks will result in repetitions in output ciphertext blocks. This is because it corresponds to the encryption of the same original plaintext " secure " (recall that word was repeated in the plaintext, in the positions such that it is in a 64-bit block). But closer inspection you see there is some structure: the 4th and 7th lines of the xxd output are the same. And on initial view, the ciphertext looks random (as expected). First note it is the same length as the plaintext (as expected, when no padding is used). $ openssl enc -des-ecb -e -in plaintext.txt -out ciphertext.bin -iv a499056833bb3ac1 -K 001e53e887ee55f1 -nopad The IV and Key are taken from the outputs of /dev/urandom and OpenSSL PRNG above. The Linux kernel has a pseudo-device /dev/urandom which is considered cryptographically strong PRNG for most applications.You can also see that the seed is based on the current time and process ID.) (To see the details of the LCG algorithm used, look in the Bash source code after downloading and unpackaging the source, look in the file variables.c, search for the function brand. I include it here only as an example I do not use the output. This is not a cryptographically strong PRNG and should NOT be used to keys. It uses a Linear Congruential Generator to return a value between 0 and 32,767. The Bash shell has a built-in random number generator, which is accessed from the shell variable $RANDOM.There are different ways to generate a random value in Linux. For security, they should be randomly chosen. To encrypt with DES-ECB we need a secret key (as well as an initialisation vector). From now on, I'll only look at the hexadecimal values (not binary).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |