View previous topic :: View next topic |
Author |
Message |
Prads Just Arrived
Joined: 20 Oct 2010 Posts: 0
|
Posted: Wed Oct 20, 2010 4:31 pm Post subject: advice on cipher modes |
|
|
Hello,
I am a student, finished my A Level and am thinking about doing Computer Science in college. Anyway, I thought it would be cool to create a small freeware (possibly open source) program in my free time so I decided to make a password manager program in C++ that can generate and save the password in encrypted database. For encryption algorithm I have chosen to use Blowfish. I wrote the code for blowfish and tested it with the test vectors in Bruce Schneier website and it worked correctly.
Now for implementing it in my project, I have a question. I researched more about cryptography on the internet and found out about cipher mode of operation. In my program, passwords are kept in a data structure:
Code: |
struct passwordData {
string password;
string remark;
}; |
password contains strings of random character (assuming user won't use common words as password) like "%^T=t0LO8>" and remark contains some description about password like "My gmail password".
Now here's how I thought I would encrypt that data. Let's assume we have 2 passwords to encrypt, I would put the passwords in unsigned char array in this way:
(1st Password)(Remark)(2nd Password)(Remark)(some random padding bytes if needed)
then I would encrypt it and put it in the database. After my research, I found out that this method was called ECB mode of operation (am I right? lol).
So my question is, is this design safe? Or should I read more about other mode of operation?
Sorry if this is a stupid question. I am new to cryptography but I am really interested in it.
Thanks!
|
|
Back to top |
|
|
Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
|
Posted: Thu Oct 21, 2010 8:19 pm Post subject: |
|
|
Prads,
Its good to see you putting your time in our own projects. IMO its the best way to learn. As for your question, it's certainly not stupid. ECB or Electronic Code book is a cipher mode which you should avoid using. I am not sure if it applies to BlowFish but it certainly applies to AES. ECB has some serious weaknesses in that it may be possible to derive the key if you have enough cleartext/ciphertext.
If I use AES as an example, there are a number of modes of operation which the cipher can operate and they have different benefits. The overall algorithm is the same except the encryption of each block may rely on an IV or an XOR'd version of the previous block. This introduces some security means but slows things down.
I tried searching for some web resources for you, check this out http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation. The best example I have seen for describing these modes is in the Shon Harris CISSP book. It might also be in the Bruce Schneier Applied Cryptography book.
CFB - Cipher Feedback Mode
OFB - Output Feedback Mode
CBC - Cipher Block Chaining
ECB - Electronic Code Book - Very fast but only suitable for encrypting 1 block with a key.
Definitely read about the different modes before implementing anything. The worst thing that can happen is you become more knowledgeable about encryption.
Good Luck,
Fire Ant
|
|
Back to top |
|
|
Prads Just Arrived
Joined: 20 Oct 2010 Posts: 0
|
Posted: Sun Oct 24, 2010 7:11 pm Post subject: |
|
|
Thank you so much for replying. I discussed this issue with some of my fellow programmers and they advice me to use CBC mode for this project. I have almost completed writing the code, maybe I will complete it in next two days. Thank you for the reply, I really appreciate it...
|
|
Back to top |
|
|
Prads Just Arrived
Joined: 20 Oct 2010 Posts: 0
|
Posted: Thu Dec 16, 2010 6:47 am Post subject: |
|
|
Hello,
I have one more small question. I came across this Blowfish implementation weakness in software called DAR: http://www.juniper.net/security/auto/vulnerabilities/vuln24930.html
Quote: |
The application also incorrectly uses a password as keying material. This results in weakened Blowfish-CBC protections that render encrypted dar files unnecessarily vulnerable to cryptographic attack. |
My Password Manager program also uses user given password as blowfish key. Here's the link to the program, both source code and binary: http://www.pradsprojects.com/subrosa.html
Does that make the implementation weak? Do I have to use a password derivation algorithm?
Thanks!
|
|
Back to top |
|
|
Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
|
Posted: Tue Dec 21, 2010 12:21 pm Post subject: |
|
|
Hi Prads,
Looking at the the vulnerability report, unless you use 'blowfish::make_ivec' function in 'libdar/crypto.cpp' then you might be vulnerable. Have you implemented BlowFish yourself or do you use a common crypto library?
Fire Ant
|
|
Back to top |
|
|
Prads Just Arrived
Joined: 20 Oct 2010 Posts: 0
|
Posted: Wed Dec 22, 2010 5:56 am Post subject: |
|
|
I implemented the Blowfish encryption myself. I also tested it with test vectors from Bruce Schneier website, so I don't think there should be problem with implementation. For generating IV, I created my own function which generates 64 bit IV using PRNG function rand_s.
The problem is not with the IV, but the way Master Key is used with the Blowfish encryption. In my program, user gives a Master Key, can be maximum of 448 bit and minimum of 8 bit, and then the Master Key is used directly as a keying material for blowfish encryption without going through any key derivation functions like PBKDF 2. I was wondering how vulnerable this was...
|
|
Back to top |
|
|
|