Hi!
~~~

On 03/15/2012 11:51 PM, Tankred Hase wrote:
>
> Thanks for your response. I'll need to read up on that.
> On 16.03.2012 02:56, "Carsten Wentzlow" <carsten@recurity-labs.com> wrote:
> >
> > Hi!
> > ~~~
> >
> > On 03/15/2012 04:48 PM, Carsten Wentzlow wrote:
> > > On 03/15/2012 03:41 PM, Tankred Hase wrote:
> > >> 1. Is 'prefixrandom' like an initialization vector? If so, I can't
> > >> choose it randomly for deterministic encryption for obvious reasons. So
> > >> I also derive it from the sha1 hash right now. Need to research how to
> > >> do this correctly though.
> >
> > To answer your question ;) : You don't need the prefix random on
> > decryption. You can easily use secure random data for the prefix during
> > encryption and don't need to store it somewhere. On decryption it will be
> > checked, and removed from the plaintext data.
>
> What do you mean by "securing random data during encryption"? Won't this propagate
> through the ciphertext during encryption and create a different ciphertext
> each time? The goal would be to be able to let two users encrypt to identical
> ciphertexts, so they can be deduplicated on the server.
>

You are correct, the result would be a different cipher text each time.

> According to RFC 4880 the block size for AES is 16 octets. Perhaps it would
> make sense to use sha256 and use the bytes 0-15 as the encryption key and the
> bytes 16-31 as the randomPrefix.
>

As already described, the standard defines this prefix to be random. I am not a crypto expert and so I can't answer if this is considered secure or not. I am tempted to say this could be a solution.

best regards,
carsten
_______________________________________________
http://openpgpjs.org
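
The derivation proposed in the thread, next to the random prefix the standard defines, as an added example that is not from the original messages or from OpenPGP.js. It assumes Node.js and its built-in `crypto` module, AES-128 in plain CFB with an all-zero IV and no resynchronization (as RFC 4880 specifies for integrity-protected data), and omits the MDC; all function names are hypothetical.

```javascript
// Added example, not OpenPGP.js code; all function names are hypothetical.
const nodeCrypto = require('crypto');

const BLOCK = 16; // AES block size in octets, per RFC 4880

// Proposal from the thread: hash the plaintext with SHA-256, use octets
// 0-15 as the AES-128 key and octets 16-31 in place of the random prefix.
function deriveKeyAndPrefix(plaintext) {
  const digest = nodeCrypto.createHash('sha256').update(plaintext).digest();
  return { key: digest.subarray(0, 16), prefix: digest.subarray(16, 32) };
}

// Assumption: plain CFB with an all-zero IV over
// prefix || last two prefix octets || data (no resync, no MDC).
function encryptWithPrefix(key, prefix, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-cfb', key, Buffer.alloc(BLOCK));
  const body = Buffer.concat([prefix, prefix.subarray(BLOCK - 2), plaintext]);
  return Buffer.concat([c.update(body), c.final()]);
}

// Decryption needs only the key: the repeated octets are checked and the
// prefix is dropped, so the prefix never has to be stored.
function decryptWithPrefix(key, ciphertext) {
  const d = nodeCrypto.createDecipheriv('aes-128-cfb', key, Buffer.alloc(BLOCK));
  const body = Buffer.concat([d.update(ciphertext), d.final()]);
  const repeated = body.subarray(BLOCK, BLOCK + 2);
  if (!body.subarray(BLOCK - 2, BLOCK).equals(repeated)) {
    throw new Error('prefix check failed');
  }
  return body.subarray(BLOCK + 2);
}

// Derived prefix: the same plaintext always gives the same ciphertext.
function deterministicEncrypt(plaintext) {
  const { key, prefix } = deriveKeyAndPrefix(plaintext);
  return { key, ciphertext: encryptWithPrefix(key, prefix, plaintext) };
}

// Random prefix as the standard defines it: ciphertext differs every time.
function randomPrefixEncrypt(key, plaintext) {
  return encryptWithPrefix(key, nodeCrypto.randomBytes(BLOCK), plaintext);
}

const sample = Buffer.from('constructed sample file contents'); // constructed
const a = deterministicEncrypt(sample);
console.log('ciphertext:', a.ciphertext.toString('hex'));
console.log('round trip:', decryptWithPrefix(a.key, a.ciphertext).toString());
```

With the derived prefix, identical plaintexts yield identical ciphertexts, which is what makes server-side deduplication possible and also lets anyone who can guess a file's contents confirm the guess against the stored ciphertext.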

