Re: processing same stream in parallel

['Maricel Gregoraschko' via Crypto++ Users]

I was doing something likebyte* vector[ AES_CIPHER_KEY_LEN + CIPHER_IV_LEN + 
MAC_KEY_LEN ];PBKDF2( pwd, salt, iterations, out key, out key_len_above ];Then 
taking the corresponding bytes from the vector to form the key, iv and mac key 
respectively. I took this from Botan's cryptobox.
>master_key = PBKDF(password, salt, iterations, useage)You mean use salt + 
>useage concatenated, as the salt parameter to PBKDF2, right?
Your approach seems to take safety (as far as keys being independent of each 
other), a little further, I'll go with it. I wonder how big of a difference 
there is. 

Thanks!
      From: Jeffrey Walton <noloa...@gmail.com>
 To: cryptopp-users@googlegroups.com 
Cc: noloa...@gmail.com; maricelgregorasc...@yahoo.com; 
maricelgregorasc...@yahoo.com 
 Sent: Sunday, April 5, 2015 11:59 PM
 Subject: Re: processing same stream in parallel
   


On Sunday, April 5, 2015 at 11:26:15 PM UTC-4, Maricel Gregoraschko wrote:
Also, in order to get the authentication right (not using an authenticated mode 
like GCM/EAX), is there anything else obvious that I should be aware of other 
than making sure I calculate the HMAC(SHA256/512) on the cipher text, not 
plain, and use a different MAC key than the cipher key, and if deriving it from 
a passphrase, generate it with a computationally heavy KDF? Thank you!
Independent key derivation.

In pseudo code, something like:

    master_key = PBKDF(password, salt, iterations, useage)

Useage is just a label like "Master key derivation for Maricel's Algorithm". It 
tries to ensure master_key differs under the same parameters.

Then:

    enc_key = KDF(master_key, salt, iteration, "encryption key")
    enc_iv = KDF(master_key, salt, iteration, "encryption iv")
    hamc_key = KDF(master_key, salt, iteration, "hmac key")

Now you have your independent keys for your block cipher and hamc.

      From: Maricel Gregoraschko <maricelgr...@yahoo.com >
 To: Jeffrey Walton <nolo...@gmail.com>; "cryptop...@googlegroups. com" 
<cryptop...@googlegroups. com> 
 Sent: Sunday, April 5, 2015 11:20 PM
 Subject: Re: processing same stream in parallel
   
Jeffrey,Thank you very much for your insights and details.I was indeed looking 
to do HMAC on cipher text, not directly on clear text. I asked the question 
wrong.Your code using putMessage=true was what I needed, but it's also good to 
know that ChannelSwitch is the equivalent of Fork.I looked at the crash in the 
sample that you gave, and started by assuming there was something in 
HashVerificationFilter that made it send the wrong data to CBC_Encryption; I 
followed the data through all the hoops all the way down to AESNI_ 
AdvancedProcessBlocks(), until I realized it was on its subkeys  parameter that 
the read violation was occurring. Turns out the key wasn't 
set:CBC_Mode<AES>::Encryption encryptor;
encryptor.SetKeyWithIV(keys. data() + 0 /*key*/, 16, keys.data() + 16 /*iv*/, 
16);
CBC_Mode<AES>::Decryption decryptor;
encryptor.SetKeyWithIV(keys. data() + 0 /*key*/, 16, keys.data() + 16 /*iv*/, 
16); //needs to be decryptor.SetKeyWithIV....

Quite an easy mistake to make with boilerplate code, and it's a bit 
disconcerting that the decryption class wouldn't at a minimum make a basic 
check that the key was set by the client, before proceeding to use it. 
>You will *always* have to touch the data twice. 
If I understand you correctly, you are saying each block of data/chunk needs to 
be read twice (once in memory, from there), once as input to the encryption 
cipher, and once as input to the hmac? That makes sense. I was referring to not 
reading it off the disk twice, e.g. in the case of doing hmac on plain text 
from a file, not going twice through the input stream (first to encrypt, then 
resetting the stream, and reading through it again for the mac). 
putMessage=true, or Fork/ChannelSwitch help with that.
By the way, you are linking to wiki pages (Authenticated_Encryption, 
ChannelSwitch), that I see no way to get to from cryptopp main wiki 
pagehttp://www.cryptopp.com/wiki/ Main_Page - private



I had no clue they existed, and it seems there are many more. I see no table of 
contents, no index and no search, how does one get to the documentation without 
knowing exact URL's of specific pages?
The source code is incredibly sparsely documented, is there annotated code 
elsewhere? Am I looking in the wrong place?
How is one supposed to know what putMessage=true means in HashFilter()? Or the 
fact that HashVerificationFilter() takes in the message + hash at the end if 
you use HashVerificationFilter:: HASH_AT_END and it outputs just the message 
with the hash stripped if you use HashVerificationFilter::PUT_ MESSAGE?Or the 
fact that ChannelSwitch exists and what it's used for? People just browse 
through source code, look at classes and go "there it is! that's what I'm 
looking for!"? :)
One more question, how does HashVerificationFilter check the hash, does it set 
a status somewhere? Because it doesn't throw an exception or anything for the 
wrong hash.Thank you very much for your time. It's truly appreciated.   

  

-- 
-- 
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.