Re: Creating AES 256 and Diffie Hellman keys


Hello Michael,

Apologies for the delayed reply, as I was travelling!!

I understand your concern about clicking random links from strangers; however, I thought it would be a known link to a few regular users of OpenSSL on Windows. I will take care to provide text in new queries/replies, as mentioned.

I am not much into the dev side of cryptography, as I am more into applied cryptography, depending upon the version used. I would surely like to explore OpenSSL as well, and will send a new email for that.

Regarding umask, I was referring to the cryptographic mask (attributes) of the key, so that it will be used for a specific purpose, say encryption/decryption/signing etc. I can relate to the umask you were referring to for Unix-like systems.

I will surely go through the references you mentioned for the blog post. I am trying to explore the next level of cryptography based on my experience, to see how the things I have been using for years are designed. I agree and believe the same: use an existing robust system instead of creating something from scratch.

I appreciate your time and help in answering the query.

On Sat, Mar 4, 2023 at 8:01 PM Michael Wojcik via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> From: Newbie User <n3wbie001@xxxxxxxxx>
> Sent: Saturday, 4 March, 2023 02:04
 
> I am using OpenSSL on Windows from: was expecting an exe installer directly by OpenSSL

OpenSSL is an open-source project. It doesn't install anything (leaving FIPS aside). You may have gotten an OpenSSL build from somewhere that includes the OpenSSL binaries (I'm not following links to random sites in email messages from people I don't know), but that's not relevant to my question, which was what OpenSSL version you're using and what commands you're running.

In the future, please provide that information with your questions, and do it as text, not screenshots. Screenshots are a waste of resources, they have poor accessibility, and it's not possible to copy text out of them when replying. They're almost always a bad idea.

That said, we now know you're using OpenSSL 3.0.8, and that you used openssl enc. Per the OpenSSL documentation and the warning message you received, by default that uses a deprecated key-derivation mechanism that does not provide what's now considered an adequate work factor for dictionary attacks on the key. (The documentation doesn't describe that mechanism, but a quick look at enc.c in the sources shows that it's EVP_BytesToKey, and a quick look at *that* suggests it's one of the versions of PKCS#5, and I think OpenSSL uses SHA256 as the digest.)

And the documentation and warning message both suggest you use the -pbkdf2 option, which uses PBKDF2 with 1000 iterations for derivation (again, as noted in the documentation and the output of "openssl enc -pbkdf2"), or -iter, which uses PBKDF2 with the specified number of iterations.

If you don't know what that means, you don't yet know enough about modern cryptography to be doing low-level operations safely. There's no shame in that; *I* don't know enough about modern cryptography to be doing low-level operations safely, and I read about it on a regular basis. It's a specialized field.

So the question here, as usual, is: What are you *actually* trying to do, and *why*? What problem are you trying to solve?


> The command though I would need to explore the suggestions in output.

Same command, with -pbkdf2 or -iter. "openssl enc -help" shows the syntax, and the documentation is online at openssl.org.

> Also where can I see the standard umask table to use for the key usage type (incase required)

I don't know what this means. The only technical meaning of "umask" I'm familiar with is the POSIX / SUS file-system permissions mask, which clearly doesn't apply here. You'll have to rephrase the question.


> DH>> To generate the jointly established shared secret which is a symmetric key. Was wondering to achieve
> the same via OpenSSL, first generating the DH parameters and then using it further.

If you're trying to learn about cryptography, this sort of experimentation may be interesting, but it may not be the best way to go about it. You could start with primary sources like /Applied Cryptography/ and /Cryptographic Engineering/, but to be frank modern cryptography is far more complicated than what's described in texts. (I'm reminded of this every time I read a blog post from Filippo Valsorda or Soatok or Matt Green or the like.) Even using well-established, relatively simple algorithms like AES and DH in a relatively secure manner is not trivial, much less assembling them into a relatively secure protocol.

If you're trying to build a cryptosystem to actually protect data from motivated attackers ... don't. Just don't. Use an existing one that's been vetted by experts.

--
Michael Wojcik
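As an added illustration, not from either poster, the two key-derivation paths contrasted above (the legacy EVP_BytesToKey default of "openssl enc" versus PBKDF2 via -pbkdf2/-iter) reimplemented in Python from OpenSSL's documented algorithms, so that the work factor an attacker pays per password guess can be compared. The passphrase and salt are constructed sample values, and the iteration counts are illustrative parameters rather than any OpenSSL default.

```python
import hashlib

# Constructed sample inputs (not taken from the thread): a weak passphrase and
# the 8-byte salt that "openssl enc" writes after its "Salted__" file header.
PASSWORD = b"correct horse"
SALT = bytes.fromhex("0123456789abcdef")
KEY_LEN, IV_LEN = 32, 16  # AES-256-CBC key and IV sizes


def evp_bytes_to_key(password, salt, key_len=KEY_LEN, iv_len=IV_LEN,
                     digest="sha256", count=1):
    """Reimplementation of OpenSSL's EVP_BytesToKey (PKCS#5 v1.5 style KDF).

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt), each
    block hashed `count` times; key || iv is the concatenation of the D_i.
    "openssl enc" without -pbkdf2 calls it with count=1: one hash per block.
    Returns (key, iv, hash_invocations) so the work factor can be compared.
    """
    out, prev, calls = b"", b"", 0
    while len(out) < key_len + iv_len:
        d = hashlib.new(digest, prev + password + salt).digest()
        calls += 1
        for _ in range(count - 1):
            d = hashlib.new(digest, d).digest()
            calls += 1
        out += d
        prev = d
    return out[:key_len], out[key_len:key_len + iv_len], calls


def pbkdf2_key_iv(password, salt, iterations, key_len=KEY_LEN, iv_len=IV_LEN):
    """The path "openssl enc -pbkdf2" / "-iter N" takes: PBKDF2-HMAC-SHA256
    over key_len + iv_len bytes, then split into key and IV.

    Returns (key, iv, hmac_invocations); PBKDF2 costs `iterations` HMAC
    calls per 32-byte output block, so guess cost grows linearly with -iter.
    """
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations,
                             key_len + iv_len)
    blocks = -(-(key_len + iv_len) // 32)  # ceiling division
    return dk[:key_len], dk[key_len:key_len + iv_len], blocks * iterations


if __name__ == "__main__":
    for name, (key, iv, cost) in [
        ("EVP_BytesToKey (default)", evp_bytes_to_key(PASSWORD, SALT)),
        ("PBKDF2, -iter 1000", pbkdf2_key_iv(PASSWORD, SALT, 1000)),
        ("PBKDF2, -iter 600000", pbkdf2_key_iv(PASSWORD, SALT, 600000)),
    ]:
        print(f"{name:26s} key={key.hex()[:16]}... iv={iv.hex()[:16]}... "
              f"cost per guess={cost} hash/HMAC calls")
```

The default path costs two hash calls per password guess for a 32-byte key plus 16-byte IV, which is why the enc warning calls it deprecated; the PBKDF2 path multiplies that by the iteration count.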

