Subject | Re: [Firebird-Architect] Block Encryption, Initialization Vector, and Security |
---|---|
Author | Alex Peshkoff |
Post date | 2010-11-10T09:33:51Z |
On 11/09/10 21:50, Jim Starkey wrote:
> The line protocol is a different matter entirely. The packets are more
> deterministic and have less infrastructure than data pages, aren't
> compressed (last time I looked, at least). Carefully analyzed, it is
> distinctly possible that useful information might leak. Here, CBC is
> important. But is the initialization vector significant? If there were
> any chance that two sessions would play out identically, perhaps. But
> the nature of the protocol makes this virtually impossible.

This is very important. Certainly, we may add compression before crypt.
But this does not solve a problem with a lot of small packets (like
op_response) that have very deterministic nature.
But first of all I need to know - do you suggest to start CBC for each
package or treat the flow of packages as a single object to crypt? The
second approach is definitely more secure, but in case of lost single
package we are in trouble.
Alex.
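
The trade-off raised in this message, as an added example that is not part of the original post or of Firebird's code: CBC restarted per packet with a fixed IV versus CBC chained across the whole packet flow, including what happens when one packet is lost. Assumptions: a toy 4-round Feistel permutation stands in for a real block cipher such as AES, and `KEY`, `IV`, `PKT` and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 16                     # block size in bytes
KEY = b"constructed-key!"      # constructed sample key
IV = bytes(BLOCK)              # constructed fixed IV
PKT = b"op_response ok"        # constructed stand-in for a small deterministic packet

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):
    # Toy 4-round Feistel permutation standing in for a real cipher such as AES.
    l, r = blk[:8], blk[8:]
    for n in rounds:
        l, r = r, xor(l, hashlib.sha256(key + bytes([n]) + r).digest()[:8])
    return r + l               # final swap: reversed round order inverts it

def cbc_encrypt(iv, data):
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = feistel(KEY, xor(prev, data[i:i + BLOCK]), range(4))
        out += prev
    return out

def cbc_decrypt(iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += xor(prev, feistel(KEY, blk, range(3, -1, -1)))
        prev = blk
    return out[:-out[-1]] if 1 <= out[-1] <= BLOCK else out

def send(packets, chained):
    # chained=True: the previous packet's last ciphertext block is the next IV.
    prev, wire = IV, []
    for p in packets:
        wire.append(cbc_encrypt(prev, p))
        if chained:
            prev = wire[-1][-BLOCK:]
    return wire

def receive(wire, chained):
    prev, plain = IV, []
    for ct in wire:
        plain.append(cbc_decrypt(prev, ct))
        if chained:
            prev = ct[-BLOCK:]
    return plain
```

With packets longer than one block, only the first block after a gap is garbled in the chained case, because CBC decryption of a block depends only on the preceding ciphertext block.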