> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, October 10, 2018 23:12
>
> On Thu, Oct 11, 2018 at 01:23:41AM +0000, Michael Wojcik wrote:
>
> > - Data recovery from an encrypted backup is tough. With CBC, one bit goes
> > astray and you've lost everything after that.
>
> No, a 1 bit error in CBC ciphertext breaks only the current block,
> and introduces a 1 bit error into the plaintext of the next block.
> After that, you're back in sync.

Right, right. Emailing at bedtime again... Still, this is trouble enough.

> But yes, indeed "openssl enc" offers little integrity protection.
> One should probably break the data into chunks and encrypt and MAC
> each chunk with the MAC covering the chunk sequence number, and
> whether it is the last chunk.

Clearly an improvement (and better than a single MAC over the entire message, for reasons we've discussed in the past on this list). But we're back to designing and implementing a cryptosystem, and that's fraught with dangers for non-experts (and for experts too, if we're honest).

--
Michael Wojcik
Distinguished Engineer, Micro Focus
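An added illustration of the per-chunk MAC framing described in the quoted suggestion above (not code from the thread or from OpenSSL). It assumes the chunks are already encrypted under a separate key; HMAC-SHA256, the 8-byte sequence number plus 1-byte flag header, and all function names are choices made for this example.

```python
import hashlib
import hmac
import struct

def _tag(key: bytes, seq: int, last: bool, chunk: bytes) -> bytes:
    # The MAC covers the sequence number and the last-chunk flag as well as
    # the chunk, so position and finality cannot be changed without the key.
    header = struct.pack(">QB", seq, 1 if last else 0)
    return hmac.new(key, header + chunk, hashlib.sha256).digest()

def seal(key: bytes, chunks: list) -> list:
    """Tag each (already encrypted) chunk; returns [(chunk, tag), ...]."""
    chunks = chunks or [b""]  # an empty message still needs a final chunk
    final = len(chunks) - 1
    return [(c, _tag(key, i, i == final, c)) for i, c in enumerate(chunks)]

def verify(key: bytes, records: list) -> list:
    """Return the chunks if the stream is complete and unmodified."""
    if not records:
        raise ValueError("empty stream: final chunk missing")
    final = len(records) - 1
    for i, (chunk, tag) in enumerate(records):
        # Only the record at the end of the received stream may be "last".
        if not hmac.compare_digest(tag, _tag(key, i, i == final, chunk)):
            raise ValueError(f"record {i}: MAC mismatch")
    return [chunk for chunk, _ in records]

def intact(key: bytes, records: list) -> bool:
    """True if verify() accepts the stream, False otherwise."""
    try:
        verify(key, records)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    key = bytes(range(32))                          # constructed demo MAC key
    recs = seal(key, [b"ct-0", b"ct-1", b"ct-2"])   # constructed "ciphertext"
    modified = [recs[0], (b"ct-X", recs[1][1]), recs[2]]
    print("original :", intact(key, recs))
    print("truncated:", intact(key, recs[:2]))
    print("reordered:", intact(key, [recs[1], recs[0], recs[2]]))
    print("modified :", intact(key, modified))
```

Records from two streams sealed under the same key verify at equal positions in either stream, so this framing needs a fresh MAC key (or a stream identifier in the header) per stream.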