Thursday, 8 November 2012

Alice and Bob go hashing

Alice wants to share some files with Bob over a public medium. Alice's computer is presumed 'secure'

she can easily generate a nice long 'passprase' by generating a cryptographic hash of the plaintext (say sha256sum) and use this as a key for a symmetrical crypt

ie

alice$> echo "hello world" > plaintext # generate sample input file
alice$> sha256sum plaintext # a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447

and then crypt the file


alice$> openssl aes-256-cbc -in plaintext -out ciphertext
enter aes-256-cbc encryption password: [SHA256SUM GENERATED ABOVE]
Verifying - enter aes-256-cbc encryption password: [ditto]
alice$> ls -l plaintext ciphertext
-rw-rw-r--. 1 alice alice 32 Nov  7 16:01 ciphertext
-rw-rw-r--. 1 alice alice 12 Nov  7 16:00 plaintext


Alice can then send the symmetric key to Bob via their normal secure channel (assumed to be working)
and bob can decrypt with

bob$> openssl aes-256-cbc -d -in ciphertext 
enter aes-256-cbc decryption password: [SHA SUM]
hello world


So - is using a hash function a Bad Idea? 
The method is predictable -- yes but Mallory would need to know the plaintext (in which case, game over) to generate quickly, or would need to bruteforce ($time++)


Discussions / comments welcome

No comments:

Word of mouth Skye History

Many years ago we lived in the Old Manse in Waternish, Skye. If you look on the maps, you'll spot that unlike nearly all the other house...