Re: Crypto in DragonFlyBSD

[Dmitry Stephantsov <d.a.stephantsov@xxxxxxxxx>]

Hello, Robin!

Robin Carey wrote:
> There is some talk on the kernel-mailing list about implementing
> Cryptography in DragonFlyBSD.
>
> I would like to add my input in this discussion;
>
> Most cryptography implementations use block-ciphers. But I consider
> block-ciphers (even AES) bad, because
> they are just a code-book.


Actually, you can use different cipher modes like CBC to overtook this 
code-book-alike behavior of block ciphers. Advanced modes like 
LRW/XEX/XTS are even protecting against watermarking attacks.

> I consider Stream Ciphers to be the best way to encrypt data, as these are
> "the next best thing" to a
> one-time-pad (one-time-pad is a provably secure encryption method).

One-time-pad is indeed provably secure encrypted method (more, it has 
``perfect security'' property) but this does not holds for arbitrary 
stream cipher. A5 algorithm (which implemented in cell phones for GSM) 
considered weak ATM, for example.

Moreover, there is always opportunity to make attack with known plain 
text on stream cipher. Take the first block of a file which is, for 
example, C source. In most cases it will start with string like 
``#include'' or, even worse, with license notice. You know, almost 
surely, that plain text is license or sequence of includes. If 
cipher-stream was just xor'ed with plain text, you can take the license, 
xor it with the first block of the file and get the stream. With it you 
can perform further cryptanalysis.

It depends on application — which type of cipher to use. Stream ciphers 
are good when you don't actually know where your data will end (like the 
encoded voice in cell phones). Block ciphers were primarily designed to 
be used in computers (e.g. file systems and databases).

--

Best regards, Dmitry A. Stephantsov