different encrypted text for the same plain text message

different encrypted text for the same plain text message

R-D intern
Hello,
I am using ECDSA-ECDHE-AES-SHA cipher suite for client-server security. I tried understanding the handshake mechanism. What still quizzes me is: communication between a specific client-server for a specific session generates different encrypted text for the same plain text message. What leads to this? Can anybody elaborate?
Please reply.
Thanks and regards,
Suman
Re: different encrypted text for the same plain text message

Benjamin Kaduk
There are several places where a per-connection random input is introduced, with a specific goal of making encryptions of the same plaintext produce different ciphertexts (as well as other benefits).  If a plaintext always produced the same ciphertext, then an attacker could make a dictionary of different observed ciphertexts and know when the same plaintext was being repeated, which violates the confidentiality property desired from the protocol.

-Ben

On 07/28/2016 06:19 AM, R-D intern wrote:
Hello,
I am using ECDSA-ECDHE-AES-SHA cipher suite for client-server security. I
tried understanding the handshake mechanism. What still quizzes me
is: communication between a specific client-server for a specific session
generates different encrypted text for the same plain text message. What
leads to this? Can anybody elaborate?
Please reply.
Thanks and regards,
Suman



--
View this message in context: http://openssl.6102.n7.nabble.com/different-encrypted-text-for-the-same-plain-text-message-tp67595.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: different encrypted text for the same plain text message

Short, Todd
Rich Salz basically told this guy to read Wikipedia about cryptography… :)
--
-Todd Short
// "One if by land, two if by sea, three if by the Internet."

On Jul 28, 2016, at 11:15 AM, Benjamin Kaduk <[hidden email]> wrote:

There are several places where a per-connection random input is introduced, with a specific goal of making encryptions of the same plaintext produce different ciphertexts (as well as other benefits).  If a plaintext always produced the same ciphertext, then an attacker could make a dictionary of different observed ciphertexts and know when the same plaintext was being repeated, which violates the confidentiality property desired from the protocol.

-Ben

Re: different encrypted text for the same plain text message

R-D intern
In reply to this post by Benjamin Kaduk
Hello Benjamin,
Thanks for the reply.
I know the purpose and benefit of creating different cipher texts of the same corresponding plain text. But I would like to know about the places where this randomness gets introduced to create different encrypted texts. Because SSL handshake takes place only once. After creation of pre secret key (for an entire session) at both the client and the server ends, master key is created based on pre secret key, identifier label, client and server random numbers which is again maintained for an entire session. The master key is responsible for creating MAC key, bulk encryption key and IV for client-server read-write. If the bulk encryption key (which is responsible for encrypting the message) for an entire session is fixed and constant, then how is the encrypted text different?
Regards,
Suman
Re: different encrypted text for the same plain text message

Jakob Bohm-7
On 29/07/2016 09:23, R-D intern wrote:

> Hello Benjamin,
> Thanks for the reply.
> I know the purpose and benefit of creating different cipher texts of the
> same corresponding plain text. But I would like to know about the places
> where this randomness gets introduced to create different encrypted
> texts. Because SSL handshake takes place only once. After creation of pre
> secret key (for an entire session) at both the client and the server ends,
> master key is created based on pre secret key, identifier label, client and
> server random numbers which is again maintained for an entire session. The
> master key is responsible for creating MAC key, bulk encryption key and IV
> for client-server read-write. If the bulk encryption key (which is
> responsible for encrypting the message) for an entire session is fixed and
> constant, then how is the encrypted text different?
> Regards,
> Suman
>
The IV changes.  The precise method of changing the IV
depends on the TLS version, because the method used in
SSL 3 and TLS 1.0 was not as secure as it should be.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: different encrypted text for the same plain text message

R-D intern
Thank you, Jakob.
I had read that the earlier versions' IV logic used to use the last block of the ciphertext as the IV for the next message and this proved vulnerable giving way to reflection attacks. But is it only the IV that changes? The bulk encryption and MAC keys remain constant throughout the entire session, right?
Regards,
Suman
Re: different encrypted text for the same plain text message

Dr. Stephen Henson
In reply to this post by R-D intern
On Fri, Jul 29, 2016, R-D intern wrote:

> Hello Benjamin,
> Thanks for the reply.
> I know the purpose and benefit of creating different cipher texts of the
> same corresponding plain text. But I would like to know about the places
> where this randomness gets introduced to create different encrypted
> texts. Because SSL handshake takes place only once. After creation of pre
> secret key (for an entire session) at both the client and the server ends,
> master key is created based on pre secret key, identifier label, client and
> server random numbers which is again maintained for an entire session. The
> master key is responsible for creating MAC key, bulk encryption key and IV
> for client-server read-write. If the bulk encryption key (which is
> responsible for encrypting the message) for an entire session is fixed and
> constant, then how is the encrypted text different?

The master key along with client and server random values is used to derive
the session keys. That is the random values from the current session. So if
you resume a session the master key is the same but the random values differ
and so the session keys are different too.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: different encrypted text for the same plain text message

R-D intern
Thank you, Stephen.
You answered regarding randomness in different sessions if session resumption is on. But my question revolves around the same messages within the same session. How different encrypted texts are formed of the same plaintext between a client-server?
Is it only the IV changes or the MAC, BULK encryption keys as well?
Re: different encrypted text for the same plain text message

Dr. Stephen Henson
On Sat, Jul 30, 2016, R-D intern wrote:

> Thank you, Stephen.
> You answered regarding randomness in different sessions if session
> resumption is on. But my question revolves around the same messages within
> the same session. How different encrypted texts are formed of the same
> plaintext between a client-server?
> Is it only the IV changes or the MAC, BULK encryption keys as well?
>

That has already been answered: only the IV changes. The technique used
depends on the version of TLS/SSL. There is also some additional data put
through the MAC which depends on the record sequence number. So even with the
same application data different data is MACed.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
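
The per-record behaviour described in the replies above (keys fixed for the connection, a fresh IV per record, and the record sequence number fed into the MAC), as an added Go example that is not part of the thread or of OpenSSL's code. It models the TLS 1.1/1.2 CBC record layout with AES-128-CBC and HMAC-SHA1; the function names and the sample keys are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// recordMAC: HMAC-SHA1 over seq_num || type || version || length || fragment.
func recordMAC(macKey []byte, seq uint64, data []byte) []byte {
	hdr := make([]byte, 13)
	binary.BigEndian.PutUint64(hdr, seq)
	hdr[8], hdr[9], hdr[10] = 23, 3, 3 // application_data, TLS 1.2
	binary.BigEndian.PutUint16(hdr[11:], uint16(len(data)))
	m := hmac.New(sha1.New, macKey)
	m.Write(append(hdr, data...))
	return m.Sum(nil)
}

// sealRecord MACs, pads and CBC-encrypts one record under a fresh random IV.
func sealRecord(encKey, macKey []byte, seq uint64, data []byte) []byte {
	block, err := aes.NewCipher(encKey)
	if err != nil { panic(err) }
	pt := append(append([]byte{}, data...), recordMAC(macKey, seq, data)...)
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	pt = append(pt, bytes.Repeat([]byte{byte(pad - 1)}, pad)...)
	out := make([]byte, aes.BlockSize+len(pt)) // explicit IV || ciphertext
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { panic(err) }
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out
}

// sealTwice sends the same data as records 0 and 1 under the same fixed keys.
func sealTwice() (r0, r1 []byte) {
	encKey := bytes.Repeat([]byte{0x11}, 16) // constructed sample keys
	macKey := bytes.Repeat([]byte{0x22}, 20)
	msg := []byte("same plaintext")
	return sealRecord(encKey, macKey, 0, msg), sealRecord(encKey, macKey, 1, msg)
}

func main() {
	r0, r1 := sealTwice()
	fmt.Printf("record 0: %x\nrecord 1: %x\n", r0, r1)
}
```

Both records are 64 bytes (16-byte IV plus 48 bytes of ciphertext) and differ from the first byte on, although the encryption key, MAC key and application data are identical.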