Timeline for Is it possible to calculate an encryption key when both the plain text and ciphertext are known?
Current License: CC BY-SA 4.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 16, 2021 at 16:31 | comment | added | Junelilly | @Mr.Engineer I think you want signing, not encryption. Like with RSA or HMAC | |
| Apr 15, 2021 at 14:05 | comment | added | Mr. Engineer | @JonBentley Server needs to know which user is logged in and for that we need to set session identifier to his browser. Username is not secret, but ciphertext is. But as Jason Goemaat pointed out, this system has another weakness which is that those identifiers cannot be revoked if they get exposed. | |
| Apr 15, 2021 at 13:45 | comment | added | Mr. Engineer | @JonBentley Attacker doesn't know the key so he cannot produce the ciphertext, and thus, cannot access the account without password. Server will provide client that ciphertext but only after checking that his password is correct. But there is another weakness here which is that this ciphertext cannot be revoked without changing the encryption key, which would logout all users. | |
| Apr 15, 2021 at 8:13 | comment | added | Jon Bentley | @Mr.Engineer "attacker cannot generate the ciphertext because he doesn't know the key so he cannot forge the identifier.". What is to stop the attacker from carrying out step 1 of your scheme? ("Upon successful login, server takes the username of client and encrypts it with AES-256"). Presumably during the first "successful login" the user has to provide the username? | |
| Apr 15, 2021 at 7:36 | vote | accept | Mr. Engineer | ||
| Apr 15, 2021 at 7:40 | |||||
| Apr 15, 2021 at 7:15 | comment | added | kelalaka | If they cannot access the AES key of the server, then with a given user name, they cannot produce the corresponding ciphertext, unless your server acts as an encryption oracle. | |
| Apr 15, 2021 at 7:07 | comment | added | Mr. Engineer | We are talking about attacker who is attempting to access the account by forging the identifier, assuming that client's browser is not exposed. Username as identifier can very easily be forged without encryption. | |
| Apr 15, 2021 at 6:59 | comment | added | kelalaka | What kind of attacker we are talking about exactly? If the attacker installed a key logger then they can learn everything the user typed. | |
| Apr 15, 2021 at 6:25 | comment | added | Mr. Engineer | To clarify: attacker cannot generate the ciphertext because he doesn't know the key so he cannot forge the identifier. This is how it's supposed to work :) | |
| Apr 15, 2021 at 6:15 | comment | added | Mr. Engineer | The purpose of encryption here is to prevent attacker from forging the identifier which is stored in client's browser. Username is a good identifier but it's not secret so encryption is vital here. Can you point out where is the weakness if known-plaintext-attacks do not work? | |
| Apr 14, 2021 at 19:59 | history | answered | kelalaka | CC BY-SA 4.0 |