Initialization Vector

Block encryption works by taking a number of plain text blocks and applying a key to each of them to produce cipher blocks. Cipher blocks can end up being the same for the same input text, so an intruder could try to guess the cipher text from the repeats. This mode is known as electronic code book (ECB): every time you encrypt the same block with the same key you get the same value.

Apart from using a password to generate an encryption key, which completely decimates the key space, we have the problem of the algorithm used to process the plain text. If this is ECB, then we get repeating cipher blocks for the same plain text.

If I take "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" and encrypt it with 3-DES and a key of "beginner12345", we get:

encrypted: DDE22EE186FA0425 DDE22EE186FA0425
DDE22EE186FA0425 DDE22EE186FA0425 DDE22EE186FA0425 DDE22EE186FA0425 DDE22EE186FA0425 B2460B702A2508AE

Here we can see that the "a...a" blocks are always coded with the same cipher text: the 8-byte block "aaaaaaaa" maps to the cipher text DDE22EE186FA0425 every time (the last block differs only because it is the padding block).

Adding an IV

So how do we overcome this problem of always ending up with the same cipher text for a given plain text? We add a bit of salt, so that the result is always changing and the cipher text differs each time. This is typically applied in shared-key encryption, and in hashing, where we want to make sure that the output differs for the same input.

The method most often used is CBC (Cipher Block Chaining), where we start off with a random seed, known as the Initialization Vector (IV). This is used to create the first cipher block. The output of the first block is then chained into the next block by Exclusive-ORing it with the second block, and so on down the message.

When does the IV go wrong?

We then end up with differing cipher blocks for a changing IV. To change the IV, we might increment it by one for every message that we send. We could send it with the first message, and agree with the other side on how the IV will change. In the WEP wireless encryption method, the IV actually came around again after a certain amount of time, which meant that an intruder could determine the key used in encryption, which obviously compromised the whole system. WEP has been replaced by a session key which is unique to each host and which times out before the IV can roll over.
