she can easily generate a nice long 'passprase' by generating a cryptographic hash of the plaintext (say sha256sum) and use this as a key for a symmetrical crypt
ie
alice$> echo "hello world" > plaintext # generate sample input file
alice$> sha256sum plaintext # a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447
and then crypt the file
alice$> openssl aes-256-cbc -in plaintext -out ciphertext
enter aes-256-cbc encryption password: [SHA256SUM GENERATED ABOVE]
Verifying - enter aes-256-cbc encryption password: [ditto]
alice$> ls -l plaintext ciphertext
-rw-rw-r--. 1 alice alice 32 Nov 7 16:01 ciphertext
-rw-rw-r--. 1 alice alice 12 Nov 7 16:00 plaintext
Alice can then send the symmetric key to Bob via their normal secure channel (assumed to be working)
and bob can decrypt with
bob$> openssl aes-256-cbc -d -in ciphertext
enter aes-256-cbc decryption password: [SHA SUM]
hello world
So - is using a hash function a Bad Idea?
The method is predictable -- yes but Mallory would need to know the plaintext (in which case, game over) to generate quickly, or would need to bruteforce ($time++)
Discussions / comments welcome
No comments:
Post a Comment