7 Nov 2012 elwell   » (Journeyer)

Alice and Bob go hashing

Alice wants to share some files with Bob over a public medium. Alice's computer is presumed 'secure'

she can easily generate a nice long 'passprase' by generating a cryptographic hash of the plaintext (say sha256sum) and use this as a key for a symmetrical crypt


alice$> echo "hello world" > plaintext # generate sample input file
alice$> sha256sum plaintext # a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447

and then crypt the file

alice$> openssl aes-256-cbc -in plaintext -out ciphertext
enter aes-256-cbc encryption password: [SHA256SUM GENERATED ABOVE]
Verifying - enter aes-256-cbc encryption password: [ditto]
alice$> ls -l plaintext ciphertext
-rw-rw-r--. 1 alice alice 32 Nov  7 16:01 ciphertext
-rw-rw-r--. 1 alice alice 12 Nov  7 16:00 plaintext

Alice can then send the symmetric key to Bob via their normal secure channel (assumed to be working)
and bob can decrypt with

bob$> openssl aes-256-cbc -d -in ciphertext 
enter aes-256-cbc decryption password: [SHA SUM]
hello world

So - is using a hash function a Bad Idea? 
The method is predictable -- yes but Mallory would need to know the plaintext (in which case, game over) to generate quickly, or would need to bruteforce ($time++)

Discussions / comments welcome

Syndicated 2012-11-07 15:10:00 (Updated 2012-11-07 15:10:28) from Andrew Elwell

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!