Re: [openssl-users] different encrypted text for the same plain text message

2016-07-30 Thread Dr. Stephen Henson
On Sat, Jul 30, 2016, R-D intern wrote: > Thank you, Stephen. > You answered regarding randomness in different sessions if session > resumption is on. But my question revolves around the same messages within > the same Session. How different encrypted texts are formed of the same > plaintext

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-30 Thread R-D intern
Thank you, Stephen. You answered regarding randomness in different sessions if session resumption is on. But my question revolves around the same messages within the same Session. How different encrypted texts are formed of the same plaintext between a client -server? Is it only the iv changes

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread Dr. Stephen Henson
On Fri, Jul 29, 2016, R-D intern wrote: > Hello Benjamin, > Thanks for the reply. > I know the purpose and benefit of creating different cipher texts of the > same corresponding plain text.But I would like to know about the places > where this randomness gets introduced to create different

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread R-D intern
Thank you, Jakob. I had read that the earlier versions IV logic used to use the last block of the ciphertext as the IV for the next message and this proved vulnerable giving way to reflection attacks. But is it only the IV that changes? the bulk encryption and MAC keys remain constant throughput

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread Jakob Bohm
On 29/07/2016 09:23, R-D intern wrote: Hello Benjamin, Thanks for the reply. I know the purpose and benefit of creating different cipher texts of the same corresponding plain text.But I would like to know about the places where this randomness gets introduced to create different encrypted

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-29 Thread R-D intern
Hello Benjamin, Thanks for the reply. I know the purpose and benefit of creating different cipher texts of the same corresponding plain text.But I would like to know about the places where this randomness gets introduced to create different encrypted texts.Because SSL handshake takes place only

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Short, Todd
Rich Salz basically told this guy to read Wikipedia about cryptography… :) -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On Jul 28, 2016, at 11:15 AM, Benjamin Kaduk > wrote:

Re: [openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread Benjamin Kaduk
There are several places where a per-connection random input is introduced, with a specific goal of making encryptions of the same plaintext produce different ciphertexts (as well as other benefits). If a plaintext always produced the same ciphertext, then an attacker could make a dictionary of

[openssl-users] different encrypted text for the same plain text message

2016-07-28 Thread R-D intern
Hello, I am using ECDSA-ECDHE-AES-SHA cipher suite for client -server security.I tried understanding the mechanism handshake mechanism. What still quizzes me is ; communication between a specific client -server for a specific session generates different encrypted text for the same plain text