archang has quit [Remote host closed the connection]
archang has joined #qi-hardware
fengling has quit [Ping timeout: 240 seconds]
archang has quit [Ping timeout: 276 seconds]
fengling has joined #qi-hardware
kristianpaul has joined #qi-hardware
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined #qi-hardware
sandeepkr has joined #qi-hardware
planasb_ has quit []
rjeffries has quit [Ping timeout: 264 seconds]
sb0 has joined #qi-hardware
jwhitmore has quit [Ping timeout: 276 seconds]
pcercuei has joined #qi-hardware
wej has joined #qi-hardware
xiangfu has quit [Ping timeout: 250 seconds]
jwhitmore has joined #qi-hardware
lars_ has joined #qi-hardware
jwhitmore has quit [Read error: Connection timed out]
jwhitmore has joined #qi-hardware
pcercuei has quit [Quit: brb]
pcercuei has joined #qi-hardware
fengling has quit [Ping timeout: 240 seconds]
kanzure_ has joined #qi-hardware
wpwrak_ has joined #qi-hardware
wpwrak has quit [Disconnected by services]
kanzure has quit [Ping timeout: 260 seconds]
sandeepkr has quit [Ping timeout: 244 seconds]
sandeepkr has joined #qi-hardware
<whitequark>
TIL gerber and gcode are both RS274
fengling has joined #qi-hardware
fengling has quit [Ping timeout: 240 seconds]
MistahDarcy has quit [Ping timeout: 260 seconds]
<kyak>
i have two files both encrypted with the same key (AES-256). I also have a plain-text version of one of the files. Does it help me recover another file?
xiangfu has joined #qi-hardware
<wpwrak_>
as long as the encrypted version of the 3rd file is identical to the encrypted version of the file for which you have the unencrypted version, too, then yes, it helps a lot
<wpwrak>
this image was also used to show the xor problem of ECB
sb0 has quit [Quit: Leaving]
sb0 has joined #qi-hardware
<kyak>
whitequark: thanks! that's way beyond my comprehension, but at least i have something to think about now :)
<kyak>
that question is quite practical. I'd like to store encrypted files in cloud, which is owned by not me
<kyak>
so i was thinking about how to encrypt individual files
<kyak>
having a separate encrypted image or "volume" seems like too much of a hassle
<kyak>
but being able to recover key by simply xor'ing.. that's scary
<larsc>
salt it
<whitequark>
yeah
<whitequark>
and don't use anything with AES
<whitequark>
generally speaking, bare AES is too hard to get right to easily ascertain whether a particular implementation contains glaring holes
<kyak>
if not AES, then what?
<whitequark>
xsalsa20poly1305
<kyak>
wait, what? that's my password!
<whitequark>
AES-GCM also works if implemented correctly (but there were some high-profile failures, IIRC)
fengling has joined #qi-hardware
<wpwrak>
whitequark: btw, you wouldn't happen to know of a stream version of crypto_box ? i.e., instead of working on the whole message, be able to extract N bytes at a time ? (plus validation, i.e., after a read to position X, have an optional read plus decrypting and hashing to the end, to ensure that the chunk just delivered is correct)
<wpwrak>
(though that could also be implemented on top of a simpler read N + check at EOF implementation)
<whitequark>
note that 'validation', by which you mean 'authentication', has to be done separately
<whitequark>
you can calculate a checksum using any strong hash in any way you would like, and then use crypto_auth
<wpwrak>
(link) oh wow. doesn't get any more obvious, does it ? :) thanks !
<wpwrak>
hmm, but no, that isn't actually what i was looking for
<whitequark>
how so?
<wpwrak>
first, i want to be compatible with crypto_box. alas, the usual implementations don't export some of the building blocks. so it would be nice to be able to redo that.
<whitequark>
no, you cannot be compatible with crypto_box.
<wpwrak>
second, these functions just give me the encryption/decryption part of crypto_box but don't let me start at arbitrary positions
<wpwrak>
why not ?
<whitequark>
crypto_box is an authenticated encryption primitive
<whitequark>
as for arbitrary positions, sure you can
<whitequark>
use the _xorstream version, then junk X bytes to start at position X
<wpwrak>
but then i still have to store these X bytes
<whitequark>
no
<whitequark>
they're generated on the fly
<whitequark>
_xorstream is basically a wrapper around a CSPRNG
<wpwrak>
hmm, where is _xorstream ? all i see is _stream_xor
<wpwrak>
and that one doesn't expose the "on the fly" part
<whitequark>
yeah, _stream_xor
<wpwrak>
of course, inside it exists
<whitequark>
ah
<whitequark>
why can't you use crypto_box, anyway?
<whitequark>
derive the nonce from the stream position
<whitequark>
done
<wpwrak>
i don't want to have to keep everything in memory
<wpwrak>
and the box format is nice in half my use cases, so i don't want to tweak that
<wpwrak>
so if i'm on a pc, i just use crypto_box. on anelok, i use the streaming variant
<whitequark>
well, one thing you shouldn't do is make your own primitives
<wpwrak>
that's why i'm looking for an existing implementation :)
<whitequark>
so again
<whitequark>
why can't you use crypto_box?
<whitequark>
make many small messages (<<memory size)
<wpwrak>
messy. and the ideal read size may be very small
<wpwrak>
(plus, the ideal read size may vary)
<whitequark>
well, if you want random authenticated reads, that's what you get
<whitequark>
opening the box of _stream_xor and saving/restoring state should be fine
<whitequark>
so if you can use that and a separate authentication step, it should be doable
<wpwrak>
yes, i basically need, at the "bottom": open(), read(), dup() (to copy the current generator and hash state), check_hash_at_eof()
<wpwrak>
read() would be an unauthenticated read
<wpwrak>
the authenticated read is then read(state), state2 = dup(state), while (read(state2)); check_hash_at_eof(state2);
<wpwrak>
the idea is to let anelok store small blobs in addition to passwords. for example, private keys. they're small enough that encryption/etc. is fast, but easily big enough that it hurts on the memory size.
sb0 has quit [Quit: Leaving]
pcercuei has quit [Quit: leaving]
<kyak>
whitequark: it says here https://en.wikipedia.org/wiki/Known-plaintext_attack that "Modern ciphers such as Advanced Encryption Standard are not currently known to be susceptible to known-plaintext attacks.". So it's not as simple as just xor'ing?
Guest24524 is now known as pigeons
jwhitmore has joined #qi-hardware
<wpwrak>
kyak: this refers to AES as a building block. AES itself isn't vulnerable. however, if you use the AES building block improperly, then you may create a vulnerability.
<wpwrak>
so the real question seems to be "which cloud-compatible encryption tools use AES (or better) correctly"
<wpwrak>
and that would imply the question "what sort of cloud interface are we talking about ?" :)
<kyak>
but it's me who will be encrypting :)
<kyak>
i will encrypt files and put them on e.g. dropbox
<wpwrak>
okay, so all you need is a standalone encryption tool that takes a file and a key, and produces a properly encrypted file, or vice versa ?
<kyak>
regarding salt.. i understood that both gpg and openssl salt automatically. This somehow adds with my key (a password). But where is the salt being saved? In the encrypted file? I should probably go and read about how symmetric encryption works
<kyak>
yeah, that's basically what i need. I read that gpg does the job, but i now want to know details :)
jwhitmore has quit [Ping timeout: 252 seconds]
<wpwrak>
yes, the salt / IV should be attached to your file. else, you'd have to remember it "offline", too. hardly convenient.
<larsc>
a salt IV can save lives
jwhitmore has joined #qi-hardware
<wpwrak>
yeah, and experts use NaCl :)
<wpwrak>
hmm. server still down :( how hard can it be to set up a new box to distribution defaults and copy over the old disk ?
pcercuei has joined #qi-hardware
<wpwrak>
i guess soon at least i won't have to worry anymore about losing mails when i bring up a dodgy configuration ...