Hello list,
I have been using RC4 to encrypt some files, everything is working ok, the problem is that I have been reading and it seems that the best way to add extra security to RC4 is to encrypt some data and throw it away before encrypting the real one, at least 12*256 bytes, so its internals can get enough scrambling. I'm using BIOs and I suppose that the RC4 initialization takes place within this call:

    BIO_set_cipher(cipher, EVP_rc4(), key, NULL, 1);

The problem is that after calling BIO_flush(cipher); I can't encrypt anything else without calling BIO_set_cipher before encrypting. Does BIO_flush uninitialize the cipher method? Is there any other way to accomplish what I'm trying to do here? I'm planning to call my encrypt function like 1 time each second or two, there may be a security problem if I need to initialize the RC4 each time, right?

Regards, and thanks for your time.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

On Sun, Mar 12, 2006, Manuel Arguelles wrote:
> Hello list,
>
> I have been using RC4 to encrypt some files, everything is working ok, the
> problem is that I have been reading and it seems that the best way to add
> extra security to RC4 is to encrypt some data and throw it away before
> encrypting the real one, at least 12*256 bytes, so its internals can get
> enough scrambling. I'm using BIOs and I suppose that the RC4
> initialization takes place within this call:
>
>     BIO_set_cipher(cipher, EVP_rc4(), key, NULL, 1);
>
> The problem is that after calling BIO_flush(cipher); I can't encrypt
> anything else without calling BIO_set_cipher before encrypting. Does
> BIO_flush uninitialize the cipher method? Is there any other way to
> accomplish what I'm trying to do here? I'm planning to call my encrypt
> function like 1 time each second or two, there may be a security problem
> if I need to initialize the RC4 each time, right?
>

The best way to add security is not to use RC4.

If you have to use RC4 the main thing to be aware of is that you should *never* reuse the same key for encrypting different data. Quite a few security issues have occurred due to people ignoring that...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Yes, I'm aware of that, what I want to do is:
1. generate a key
2. encrypt string of 256 chars with 0's to BIO_s_null 100 times
3. encrypt the real data

The problem is in step 2 to 3. It seems that I can't BIO_write to BIO_s_null (or mem or buffer or /dev/null), BIO_flush, then pop null and push file and continue writing... Is this a feature? Is there maybe something that I'm not getting?

Thanks
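
The two points raised in this thread, as an added example that is not part of the original posts and is not OpenSSL code: a self-contained RC4 that keeps one cipher state across the 12*256-byte discard and the real data, plus a check showing that two messages encrypted under the same key still leak the XOR of their plaintexts even with the discard. All function names, the key and the messages are constructed for illustration.

```c
#include <stdio.h>
#define RC4_DROP (12 * 256) /* discard length mentioned in the thread */
typedef unsigned char u8;
typedef struct { u8 S[256], i, j; } rc4_state;
static void swap(u8 *a, u8 *b) { u8 t = *a; *a = *b; *b = t; }

/* Key schedule: runs once per key. */
static void rc4_init(rc4_state *st, const u8 *key, size_t klen) {
    u8 j = 0;
    for (int i = 0; i < 256; i++) st->S[i] = (u8)i;
    for (int i = 0; i < 256; i++) {
        j = (u8)(j + st->S[i] + key[i % klen]);
        swap(&st->S[i], &st->S[j]);
    }
    st->i = st->j = 0;
}

/* XOR n keystream bytes into out; the state carries over between calls. */
static void rc4_crypt(rc4_state *st, const u8 *in, u8 *out, size_t n) {
    for (size_t k = 0; k < n; k++) {
        st->j = (u8)(st->j + st->S[++st->i]);
        swap(&st->S[st->i], &st->S[st->j]);
        out[k] = in[k] ^ st->S[(u8)(st->S[st->i] + st->S[st->j])];
    }
}

/* RC4-drop: key once, discard RC4_DROP bytes, encrypt with the SAME state. */
static void rc4_drop_crypt(const u8 *key, size_t klen, const u8 *in, u8 *out, size_t n) {
    rc4_state st;
    u8 junk[256] = {0};
    rc4_init(&st, key, klen);
    for (size_t done = 0; done < RC4_DROP; done += sizeof junk)
        rc4_crypt(&st, junk, junk, sizeof junk); /* output thrown away */
    rc4_crypt(&st, in, out, n);
}

/* 1 if c1 ^ c2 == p1 ^ p2 for two messages under one key (keystream cancels). */
static int key_reuse_leaks(const u8 *key, size_t klen, const u8 *p1, const u8 *p2, size_t n) {
    u8 c1[64], c2[64];
    if (n > sizeof c1) return -1;
    rc4_drop_crypt(key, klen, p1, c1, n);
    rc4_drop_crypt(key, klen, p2, c2, n);
    for (size_t k = 0; k < n; k++)
        if ((c1[k] ^ c2[k]) != (p1[k] ^ p2[k])) return 0;
    return 1;
}

int main(void) { /* key and messages are constructed sample values */
    const u8 key[] = "constructed-key", p1[] = "attack at dawn", p2[] = "retreat at six";
    printf("c1^c2 == p1^p2 under one key: %d\n", key_reuse_leaks(key, sizeof key - 1, p1, p2, 14));
    return 0;
}
```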