English 中文(简体)
AES 256 in CTR mode [closed]
原标题:

Closed. This question needs to be more focused. It is not currently accepting answers.


Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 1 year ago.

ctr mode makes it possible to use a block cipher as a stream cipher but how strong will be the encryption in this mode ?

最佳回答

Ultimately it depends what you mean by strong. For example from an encryption point of view, i.e. taking the ability of an attacker to decrypt your ciphertext without access to the key, it should be as strong as any other use of AES256 (there is some dicussion on differential analysis between individual cipher blocks with a known plain text but that would be a weakness of the encryption algorithm not of the CTR mode itself).

In the end whether CTR mode is appropriate will depends what you want to apply it to and how you implement it. A couple of things to bear in mind when using this mode would be:

  • The same nonce/counter sequence will create the same cipher stream therefore you must ensure you do not ever use the same values for a given key. Otherwise it might be possible for an attacker given a message with a known plain text to reuse the cipher stream to decrypt your current message).
  • As the stream cipher is XORed with the plain text it means that a 1 bit change in the ciphertext directly results in that bit changing in the decrypted data, therefore some sort of message integrity is paramount, most likely a HMAC so that an attacker cannot realistically generate the hash and correct that as well.
问题回答

暂无回答




相关问题
Extend Contacts application on Android to provide encryption

I want to encrypt individual contacts stored by the Contacts application on Android based on user s preference. So, I am thinking I ll have to hook/extend the Contacts application before the it stores ...

Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

How to Pack/Encrypt/Unpack/Decrypt a bunch of files in Java?

I m essentially trying to do the following on a Java/JSP-driven web site: User supplies a password Password is used to build a strongly-encrypted archive file (zip, or anything else) containing a ...

Thread & Queue vs Serial performance

I though it ll be interesting to look at threads and queues, so I ve written 2 scripts, one will break a file up and encrypt each chunk in a thread, the other will do it serially. I m still very new ...

Convert PHP encryption code to C#

I m trying to convert this piece of code from PHP to C#. It s part of a Captive Portal. Could somebody explain what it does? $hexchal = pack ("H32", $challenge); if ($uamsecret) { $newchal = ...

Encryption: how to have 1 iv despite multiple fields

I ve been stuck trying to arrive at a best solution for this for a while. I know that an initialization vector has to be unique for each item being encrypted. So if I m encrypting an address and I ...

热门标签