Suggestion regarding security
Status: Beta
Brought to you by:
selinger
Menu
▾
▴
#3 Suggestion regarding security
Hi Peter,
In the faq file (section "5. Security"), you say about
the magic number:
> To summarize: on random data, the magic number
> leads to a speedup of cryptanalysis by factor
> 2^32 in the worst case. On non-random data (such
> as, most typical files), there is no speedup at
> all.
Would do think of an additional option to disable any
verification by the magic number? When encrypting, the
four bytes occupied by the magic number would then be
replaced with random values. So if one, for whatever
reason, needs or wants or fears the speedup by factor
2^32, this option would be very useful.
Regards,
redista
Logged In: YES
user_id=160301
Dear Redista,
thanks for reading the FAQ so carefully! Your suggestion is
sensible, in the following context: (1) the data to be
encrypted is random, and (2) there is some other means of
verifying the correctness of the key. The only context that
I can think of which satisfies these conditions is double
encryption (i.e., encrypting a stream which is already
encrypted with the same or a different known key).
The reason I have not added such an option is for
simplicity. A speedup of 2^32 sounds like a lot, but it is
actually very little when compared to the size of the key
space, which is 2^256. The space of all keys which "match
the magic number" still has size 2^224. Many other strong
encryption programs use a key space of only 2^128.
The other reason I have not added this option is, again, I
don't want to throw up false smoke screens. The average user
is not a cryptographic expert. When they see this option,
they will be tempted to use it and think that their
encryption is somehow "2^32 times more secure". This false
sense of security may lead them to use shorter keywords or
whatever, which would therefore compromise their real
security. The average user would not understand the meaning
of the phrase "this makes no difference when the encrypted
data is not already cryptographically random".
Knowing that the context in which such an option would be
useful is a highly specialized one, useful only to a few
experts who really know what they are doing, I prefer not to
add it to the user-level program.
The real experts who need this option can easily figure out
how to change one line of code in ccryptlib.c to disable
magic number creation.
The general design principle of ccrypt is to give users
relatively little control over the cryptographic algorithms.
Some other programs let you choose between umpteen different
ciphers, different key sizes, encryption modes, whatever.
Most users prefer not to make those kinds of decisions, and
those other programs are therefore not easy to use. By
contrast, ccrypt only has one algorithm, but it is very
strong. It is this simplicity which I believe accounts for
much of ccrypt's popularity. -- Peter
Logged In: YES
user_id=1141000
Hi,
> The reason I have not added such an option
> is for simplicity.
I can understand your objective to make the handling of the
program as easy and as fool proof as possible. On the other
hand your program already offers quite a lot command line
option, and even the average user needs (or should at least)
read the manual before using your tool.
I think it wouldnt backfire to add such an option. An
average user would use only the important switches (like d,
-e) and would be to lazy to read about all the other
possibilities.
In my opinion your program could still be simple to use if
such an advanced option would be optional and not in
standard mode active. I also think it would make your
program even more interesting to those who might need such
an option.
> The general design principle of ccrypt
> is to give users relatively little control
> over the cryptographic algorithms. Some
> other programs let you choose between
> umpteen different ciphers, different key
> sizes, encryption modes, whatever.
I also had the idea to suggest that you could add other
ciphers like Twofish or Serpent to your program. But you
dont intend to do so, do you?
I hope Ive found the right words and made myself understood
(I am not a native speaker).
Nevertheless, I really like your program and thank you for
all the time youve put in it. Its so much handier to use
for file encryption than GnuPG, which Ive used before.
Regards,
redista