[Owncloud] File encryption notes

Marta Rybczynska marta at rybczynska.net
Sun Nov 20 16:58:14 UTC 2011 

Dnia wtorek 01 listopad 2011 o 17:47:20 Frank Karlitschek napisał(a):
> Hi Marta,
> 
> thanks a lot for you input. Unfortunately I understand only half of what
> you are saying. ;-) Because I´m not a crypto expert we decided to use an
> existing library which implements blowfish
> http://pear.php.net/package/Crypt_Blowfish/redirected

Using an existing library is a good idea. But you haven't taken enough
from it. As I looked into, it supports ECB and CBC mode. ECB is what
you're doing now. CBC is a better choice (not ideal, it doesn't work
well in parallel; but that doesn't matter here). 

> All we have is a small wrapper library which cut´s the data in chunks and
> encrypts them separately.
> 
> Do you think this is a bad choice?
>
This cutting is one of the important parts of the usage of cryptography.
I'll explain. Let's assume that one block your cipher encrypts is one byte
(much easier to have examples!). Now, your file has the following data:
AABACD
Now, when you split every byte and encrypt them separately, you get
ZZXZYW 
(enrypt(A, key) = Z, encrypt(B, key) = X, encrypt(C, key) = Y etc)
Now, someone, even without decrypting the data, may notice patterns
and change the encrypted text to
ZZYZYW
The decryption will work after this modification and give
AACACD
At this point on a cryptography class the professor usually says:
"Imagine that this document is a contract and that B is the amount" :)

Now, for real ciphers their block sizes are longer, but creating a dictionary
of known pairs encrypted-unencrypted is still possible.

To protect from problems like the one above we use methods of splitting
data that do not encrypt independently. They add factors that depend
on the block order, content around it etc, so the attack by simple replacement
is not possible. CBC is one of the "better" modes.
 
> A hash to check if the file is not corrupt is definitely a good idea. We
> should do this.

Cool.

Cheers,
Marta
> 
> Cheers
> Frank
> 
> On 30.10.2011, at 21:20, Marta Rybczynska wrote:
> > Hello all,
> > I've looked into the in-development file encryption mechanism in
> > Owncloud. I think it can see some improvements.
> > 
> > First, currently it is using ECB encryption mode. ECB is rarely used
> > because it is not very secure: it always encrypts the same plaintext
> > block into the same ciphertext. An attacker can try to modify such file
> > by introducing a known block, can build dictionaries etc. Wikipedia
> > has a nice explanation on the subject:
> > http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
> > 
> > It would be better to use a more secure mode, for example the simple
> > CTR (counter) mode. Even better would be to have also something that
> > prevents file modification/corruption. Like a hash of the unencrypted
> > file added to the stored, encrypted file. Then, at decryption, it would
> > be easy to check if the file is in the right state.
> > 
> > What do you think?
> > 
> > Marta
> > _______________________________________________
> > Owncloud mailing list
> > Owncloud at kde.org
> > https://mail.kde.org/mailman/listinfo/owncloud
> 
> Frank Karlitschek
> karlitschek at kde.org

More information about the Owncloud mailing list