[openssl-users] openssl commandline client use

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Oct 11 12:42:30 UTC 2018


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, October 10, 2018 23:12
>
> On Thu, Oct 11, 2018 at 01:23:41AM +0000, Michael Wojcik wrote:
>
> > - Data recovery from an encrypted backup is tough. With CBC, one bit goes
> > astray and you've lost everything after that.
>
> No, a 1 bit error in CBC ciphertext breaks only the current block,
> and introduces a 1 bit error into the plaintext of the next block.
> After that, you're back in sync.

Right, right. Emailing at bedtime again... Still, this is trouble enough.

> But yes, indeed "openssl enc" offers little integrity protection.
> One should probably break the data into chunks and encrypt and MAC
> each chunk with the MAC covering the chunk sequence number, and
> whether it is the last chunk.

Clearly an improvement (and better than a single MAC over the entire message, for reasons we've discussed in the past on this list). But we're back to designing and implementing a cryptosystem, and that's fraught with dangers for non-experts (and for experts too, if we're honest).

--
Michael Wojcik
Distinguished Engineer, Micro Focus





More information about the openssl-users mailing list