Thanks for your response. I'll need to read up on that.
On 16.03.2012 02:56, "Carsten Wentzlow" <[email protected]> wrote:
>
> Hi!
> ~~~
>
> On 03/15/2012 04:48 PM, Carsten Wentzlow wrote:
> > On 03/15/2012 03:41 PM, Tankred Hase wrote:
> >>    1. Is 'prefixrandom' like an initialization vector? If so, I can't
> >> choose it randomly for deterministic encryption for obvious reasons. So I
> >> also derive it from the sha1 hash right now. Need to research how to do
> >> this correctly though.
>
> To answer your question ;) : You don't need the prefix random on
> decryption. You can easily use secure random data for the prefix during
> encryption and don't need to store it somewhere. On decryption it will be
> checked, and removed from the plaintext data.

What do you mean by "securing random data during encryption"? Won't this propagate
through the ciphertext during encryption and create a different ciphertext
each time? The goal would be to be able to let two users encrypt to
identical ciphertexts, so they can be deduplicated on the server.

According to RFC 4880 the block size for AES is 16 octets. Perhaps it would
make sense to use SHA-256 and use the bytes 0-15 as the encryption key and
the bytes 16-31 as the randomPrefix.

Tankred
_______________________________________________

http://openpgpjs.org
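
The two points made in this thread, as an added example that is not code from either participant or from OpenPGP.js: the prefix is checked and stripped on decryption without being stored, and a content-derived prefix yields identical ciphertexts where a random one does not. It assumes a simplified RFC 4880-style layout (AES-128-CFB with a zero IV over prefix, two repeated octets, then plaintext; no MDC, no packet framing), and all function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const BLOCK = 16;                     // AES block size in octets
const ZERO_IV = Buffer.alloc(BLOCK);  // all-zero IV; the prefix supplies the variation

// Encrypt prefix || last two prefix octets || plaintext with AES-128-CFB.
function encryptWithPrefix(key, prefix, plaintext) {
  const check = prefix.subarray(BLOCK - 2);  // repeated octets used as a quick check
  const c = nodeCrypto.createCipheriv('aes-128-cfb', key, ZERO_IV);
  return Buffer.concat([c.update(Buffer.concat([prefix, check, plaintext])), c.final()]);
}

// The prefix falls out of decryption, is checked, and is dropped; it is never stored.
function decryptAndStripPrefix(key, ciphertext) {
  const d = nodeCrypto.createDecipheriv('aes-128-cfb', key, ZERO_IV);
  const data = Buffer.concat([d.update(ciphertext), d.final()]);
  const ok = data.length >= BLOCK + 2 &&
    data.subarray(BLOCK - 2, BLOCK).equals(data.subarray(BLOCK, BLOCK + 2));
  if (!ok) throw new Error('prefix check failed (wrong key or corrupted data)');
  return data.subarray(BLOCK + 2);
}

// Proposal from the message: SHA-256 of the content, bytes 0-15 as key, 16-31 as prefix.
function deriveFromContent(plaintext) {
  const h = nodeCrypto.createHash('sha256').update(plaintext).digest();
  return { key: h.subarray(0, 16), prefix: h.subarray(16, 32) };
}

function demo() {
  const file = Buffer.from('constructed sample file contents', 'utf8');
  const a = deriveFromContent(file);  // user A
  const b = deriveFromContent(file);  // user B, same file, derived independently
  const ctA = encryptWithPrefix(a.key, a.prefix, file);
  const ctB = encryptWithPrefix(b.key, b.prefix, file);
  // Same key, but a fresh random prefix for each encryption.
  const r1 = encryptWithPrefix(a.key, nodeCrypto.randomBytes(BLOCK), file);
  const r2 = encryptWithPrefix(a.key, nodeCrypto.randomBytes(BLOCK), file);
  return {
    derivedIdentical: ctA.equals(ctB),
    randomIdentical: r1.equals(r2),
    roundTrip: decryptAndStripPrefix(a.key, r1).equals(file) &&
      decryptAndStripPrefix(a.key, ctA).equals(file),
  };
}

console.log(demo());
```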
