I am developing software to encrypt/decrypt files/streams using a symmetric encryption algorithm. During the encryption phase, data will be compressed and encrypted. When decrypting data, I want to be able to check whether the supplied password is correct. For that purpose the encrypted file contains a header (which I would like to keep as small as possible), where some signature derived from the password is going to be stored.

There are several conditions that must be met:

A. Password checking must be as fast as possible and it should not require excessive CPU/memory resources.

B. The risk of using a weak/guessable password is NOT present, as we declare in advance that only secure, long, random passwords are going to be used for encryption.

C. If we encrypt the same plaintext file twice with the same password, the header and encrypted text must not be the same.

I assume that a theoretical attacker has the complete source code of my software. The one and only thing that the attacker does NOT have is the password.

My question is - what kind of signature should I use so the security is not compromised? Here are possible options that I was thinking about and my commentary on them:

Probably not a good idea because of the risk of precomputed dictionary attacks.

Salt is going to be generated using a pseudo-random number generator (PRNG). The initial seed of the PRNG is derived from the password. I suspect this won't help at all since we know that the attacker has access to the source code - so the attacker will always be able to generate the salt for the given password and, hence, generate the hash. Then the attacker can write proprietary software which will be able to perform a dictionary attack against files encrypted with my software using our own hash-generating algorithm.

Using a key derivation function (KDF), like PBKDF2. This does not meet condition A, because all good key derivation functions should deliberately use excessive CPU/memory resources.

I am not very good at understanding HMAC, but I think that in this case HMAC would not be used for what it was designed for. I just need to verify whether the password is correct. I don't need to verify the integrity of the password AND the encrypted file (or, in cryptographic terms, the key and the message).

I would be grateful if someone who understands cryptography better than me could give me some ideas or comments.
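An added example (not code from the post or its author) of the header design the question circles around: a fresh random salt per file, one PBKDF2 output split into an encryption key and a separate verifier key, and an HMAC check value stored in the header. The header layout, the iteration count (kept deliberately low because condition B rules out weak passwords and condition A asks for a fast check) and the constant being MAC'd are all assumptions; the last function models the "seed the PRNG from the password" idea to show why it repeats the header.

```python
import hashlib
import hmac
import os

# Assumed header layout (not from the post): salt (16 bytes) || verifier (32 bytes).
SALT_LEN = 16
VERIFIER_LEN = 32
# Assumed cost: low on purpose, since the post rules out weak passwords (condition B)
# and wants a fast check (condition A). Raise it if that premise changes.
ITERATIONS = 10_000
CHECK_LABEL = b"password-check"  # assumed constant input to the verifier HMAC


def derive_keys(password: str, salt: bytes, iterations: int = ITERATIONS):
    """Derive 64 bytes with PBKDF2-HMAC-SHA256 and split them into an
    encryption key and an independent verifier key, so the stored verifier
    reveals nothing about the key that encrypts the data."""
    block = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                iterations, dklen=64)
    return block[:32], block[32:]


def build_header(password: str, salt=None) -> bytes:
    """Build the header: random salt plus an HMAC tag proving knowledge of the password."""
    if salt is None:
        # Fresh per file: the same password yields a different header (condition C).
        salt = os.urandom(SALT_LEN)
    _enc_key, ver_key = derive_keys(password, salt)
    verifier = hmac.new(ver_key, CHECK_LABEL, hashlib.sha256).digest()
    return salt + verifier


def check_password(password: str, header: bytes) -> bool:
    """Recompute the verifier from the header's salt and compare in constant time."""
    salt = header[:SALT_LEN]
    stored = header[SALT_LEN:SALT_LEN + VERIFIER_LEN]
    _enc_key, ver_key = derive_keys(password, salt)
    expected = hmac.new(ver_key, CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(expected, stored)


def salt_from_password(password: str) -> bytes:
    """Model of the post's password-seeded PRNG salt (assumed: a hash of the
    password). It is deterministic, so two encryptions of the same file with
    the same password produce identical headers, which breaks condition C."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:SALT_LEN]
```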