[120942] in cryptography@c2.net mail archive
Re: Double Encryption Q
daemon@ATHENA.MIT.EDU (Jack Lloyd)
Fri Apr 18 16:46:07 2008
Date: Wed, 16 Apr 2008 11:16:02 -0400
From: Jack Lloyd <lloyd@randombit.net>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <afe51f3f0804110730n7542c555ieceaaf8643d6ab89@mail.gmail.com>
On Fri, Apr 11, 2008 at 04:30:47PM +0200, COMINT wrote:
> Quick system scenario:
>
> You have packet [A].
>
> It gets encrypted using an AES algo in a particular mode and we are
> left with [zA].
>
> More data [B] is added to that encrypted packet.
>
> Now I have [zA]+[B] in one packet and I re-encrypt it with the same
> algo/key/mode.
>
> Have I just compromised the security somehow? I wasn't aware of
> anything but something about this double encryption made something
> ring in my mind so I wanted to double check...
This would certainly cause problems if "particular mode" == OFB or
counter, since (if you also reuse the IVs), you could have E(zA) == A.
If you use a different (independent, unrelated) key/IV, then the
existence of a weakness in this scheme would seem to provide evidence
of an attack on AES, regardless of mode choice.
-Jack
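
Added example, not part of the original message: a Go sketch of the scenario using standard-library AES-CTR, showing that re-encrypting [zA]+[B] under the same key and IV puts A back in the clear, while an unrelated outer key/IV does not. The keys, IVs, packet contents and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ctr applies AES-CTR. In CTR (as in OFB) the output is the input XORed with
// a keystream that depends only on key and IV, so the same call both
// encrypts and decrypts.
func ctr(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// doubleEncrypt follows the thread's scenario: zA = E(A) under the inner
// key/IV, then E(zA || B) under the outer key/IV.
func doubleEncrypt(kIn, ivIn, kOut, ivOut, a, b []byte) []byte {
	zA := ctr(kIn, ivIn, a)
	return ctr(kOut, ivOut, append(zA, b...))
}

// leaksA reports whether the final packet begins with A in plaintext.
func leaksA(packet, a []byte) bool {
	return bytes.HasPrefix(packet, a)
}

func main() {
	// Constructed sample values (16-byte keys and IVs), not from the thread.
	k1, iv1 := []byte("0123456789abcdef"), []byte("constructed-iv-1")
	k2, iv2 := []byte("fedcba9876543210"), []byte("another-iv-value")
	a := []byte("packet A: inner secret payload")
	b := []byte("packet B: appended data")

	reused := doubleEncrypt(k1, iv1, k1, iv1, a, b)
	fmt.Println("same key and IV, A visible:", leaksA(reused, a))
	indep := doubleEncrypt(k1, iv1, k2, iv2, a, b)
	fmt.Println("unrelated key/IV, A visible:", leaksA(indep, a))
}
```

In the reused case only the [B] portion of the final packet is still covered by keystream; the [zA] portion has had the same keystream applied twice.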