First draft after proof-reading #412
Conversation
src/stream-ciphers.rst
Outdated
| secure cryptosystems. | ||
|
|
||
| Mallory wants to figure out what Alice's record says. For simplicity's | ||
| sake, let's say there's only one ciphertext block. That means Alice's | ||
| sake, lets say there is only one ciphertext block. This means Alice's |
There was a problem hiding this comment.
The original let's say appears correct?
src/stream-ciphers.rst
Outdated
| wouldn't be encrypted using the same key. | ||
| Lessons learned: do not let IVs be predictable. Also, do not roll your own | ||
| cryptosystems. In a secure system, records of Alice and Mallory probably | ||
| are not encrypted using the same key. |
There was a problem hiding this comment.
Hm, this is a little funky. Let's replace
Also, do not roll your own cryptosystems. In a secure system, records of Alice and Mallory probably are not encrypted using the same key.
As we'll see later on in the book, just having unpredictable IVs doesn't make a system safe! This is a general argument against rolling your own cryptosystems: a high-quality implementation might have encrypted those records under different keys. Or it could use other controls, like relying on the associated data of an AEAD (which we'll see later) to make sure processes wouldn't perform cryptographic operations on behalf of Mallory that would also have worked for Alice.
There was a problem hiding this comment.
Thanks! This is great. I will make the changes
I have a question on original wording.
In " In a secure system, records of Alice and Mallory probably are not encrypted using the same key.", is there any "secure" system that encrypts different entities with a same key?
src/stream-ciphers.rst
Outdated
| unpredictable because it's secret: if it were predictable, the attacker | ||
| could just predict the key directly and already have won. Conveniently, | ||
| many block ciphers have block sizes that are the same length or less | ||
| Many CBC systems set the key as the :term:`initialization vector`. This seems like |
src/stream-ciphers.rst
Outdated
| could just predict the key directly and already have won. Conveniently, | ||
| many block ciphers have block sizes that are the same length or less | ||
| Many CBC systems set the key as the :term:`initialization vector`. This seems like | ||
| a good idea as you always need a shared secret key. It |
There was a problem hiding this comment.
"as" feels weird here: "because" maybe?
| Many CBC systems set the key as the :term:`initialization vector`. This seems like | ||
| a good idea as you always need a shared secret key. It | ||
| yields a nice performance benefit because the sender and receiver | ||
| do not have to communicate to the IV explicitly. They already know the key |
There was a problem hiding this comment.
"to communicate to the IV" makes no sense; the IV is the object of the communication.
There was a problem hiding this comment.
How about changing from
It yields a nice performance benefit because the sender and receiver do not have to communicate to the IV explicitly.
to
It yields a nice performance benefit because the sender and receiver do not have to exchange the IV explicitly.
src/stream-ciphers.rst
Outdated
| than the key size, so the key is big enough. | ||
|
|
||
| This setup is completely insecure. If Alice sends a message to Bob, | ||
| The setup is completely insecure. If Alice sends a message to Bob, |
There was a problem hiding this comment.
Again original reads better to me, how about you?
There was a problem hiding this comment.
As a native Korean speaker, it is really difficult dealing with an article (in grammar sense). Korean doesn't have articles.
Long story short, reverted :)
src/stream-ciphers.rst
Outdated
| do not have to communicate to the IV explicitly. They already know the key | ||
| (and therefore the IV) ahead of time. Plus, the key is an | ||
| unpredictable secret. If it was predictable, the attacker | ||
| can predict the key directly and already win. Conveniently, |
There was a problem hiding this comment.
"... could just predict the key directly."
| Lesson learned: do not use the key as an IV. Part of the fallacy in the | ||
| introduction is assuming secret data can be in the IV given | ||
| it only has to be unpredictable. This is not true: “secret” is | ||
| just a different requirement from “not secret”. It does not mean a |
There was a problem hiding this comment.
"It does not mean a stronger one" makes no sense to me.
There was a problem hiding this comment.
This is a seoncd "Lesson learned" for attack on CBC mode.
I think this whole paragraph can be reworked a bit. Maybe this can be shortened and just reiterate the importance of picking random, unpredictable IVs.
And add in a general good guide on how to generate random, unpredictable IVs? (I don't know giving a guide is a thing for this book though)
src/stream-ciphers.rst
Outdated
| what you're doing. | ||
| Plenty of systems exist where it is okay to use a secret when not | ||
| required. In some cases you may get a stronger system. | ||
| Though it depends on what you are doing. |
There was a problem hiding this comment.
Again this new paragraph is overall worse than the original IMO
| secure cryptosystems. | ||
|
|
||
| Mallory wants to figure out what Alice's record says. For simplicity's | ||
| sake, let's say there's only one ciphertext block. That means Alice's | ||
| sake, lets say there is only one ciphertext block. This means Alice's | ||
| ciphertext consists of an IV and one ciphertext block. | ||
|
|
||
| Mallory can still try to use the application as a normal user, meaning |
There was a problem hiding this comment.
@lvh ,
Line 356 ends with "or ..."
Should this be updated?
There was a problem hiding this comment.
That's intentional, but you could certainly just replace that with a ..
There was a problem hiding this comment.
I'll leave it as the original version.
src/stream-ciphers.rst
Outdated
| wouldn't be encrypted using the same key. | ||
| Lessons learned: do not let IVs be predictable. Also, do not roll your own | ||
| cryptosystems. In a secure system, records of Alice and Mallory probably | ||
| are not encrypted using the same key. |
There was a problem hiding this comment.
Thanks! This is great. I will make the changes
I have a question on original wording.
In " In a secure system, records of Alice and Mallory probably are not encrypted using the same key.", is there any "secure" system that encrypts different entities with a same key?
src/stream-ciphers.rst
Outdated
| unpredictable because it's secret: if it were predictable, the attacker | ||
| could just predict the key directly and already have won. Conveniently, | ||
| many block ciphers have block sizes that are the same length or less | ||
| Many CBC systems set the key as the :term:`initialization vector`. This seems like |
src/stream-ciphers.rst
Outdated
| could just predict the key directly and already have won. Conveniently, | ||
| many block ciphers have block sizes that are the same length or less | ||
| Many CBC systems set the key as the :term:`initialization vector`. This seems like | ||
| a good idea as you always need a shared secret key. It |
| Many CBC systems set the key as the :term:`initialization vector`. This seems like | ||
| a good idea as you always need a shared secret key. It | ||
| yields a nice performance benefit because the sender and receiver | ||
| do not have to communicate to the IV explicitly. They already know the key |
There was a problem hiding this comment.
How about changing from
It yields a nice performance benefit because the sender and receiver do not have to communicate to the IV explicitly.
to
It yields a nice performance benefit because the sender and receiver do not have to exchange the IV explicitly.
src/stream-ciphers.rst
Outdated
| do not have to communicate to the IV explicitly. They already know the key | ||
| (and therefore the IV) ahead of time. Plus, the key is an | ||
| unpredictable secret. If it was predictable, the attacker | ||
| can predict the key directly and already win. Conveniently, |
src/stream-ciphers.rst
Outdated
| than the key size, so the key is big enough. | ||
|
|
||
| This setup is completely insecure. If Alice sends a message to Bob, | ||
| The setup is completely insecure. If Alice sends a message to Bob, |
There was a problem hiding this comment.
As a native Korean speaker, it is really difficult dealing with an article (in grammar sense). Korean doesn't have articles.
Long story short, reverted :)
src/stream-ciphers.rst
Outdated
| wouldn't be encrypted using the same key. | ||
| Lessons learned: do not let IVs be predictable. Also, do not roll your own | ||
| cryptosystems. In a secure system, records of Alice and Mallory probably | ||
| are not encrypted using the same key. |
src/stream-ciphers.rst
Outdated
| what you're doing. | ||
| Plenty of systems exist where it is okay to use a secret when not | ||
| required. In some cases you may get a stronger system. | ||
| Though it depends on what you are doing. |
I still need to read over this one more time