security - Can I use PBKDF2 to generate an AES256 key to encrypt and implicitly authenticate? -


I have 2 devices and want to set up a secure communication channel between them. The shared secret is a 7- to 20-character ASCII passphrase. If I use PBKDF2 (from RFC 2898) with a common salt, iteration count, and the passphrase to generate an AES256-CBC key and IV on both sides, I think I can authenticate the user and provide an encrypted channel in 1 step. Is this true, or is there a reason why I've seen people use PBKDF2 to verify passwords?

My reasoning is that both sides need to know the passphrase to generate the same key and IV. If device B can decrypt data from device A, both have demonstrated that they have the same passphrase.

PBKDF2 is a fine way to generate a common key from a shared secret (you should not be generating the IV in such a way though; the IV should be random, and sent alongside the ciphertext).

However, CBC is not an authenticating cipher mode. This is because an attacker can take an encrypted message and make predictable modifications to it, without needing to be able to read the message or know the key. Such attacks have broken real-world systems in the past.

You can use an authenticating cipher mode, such as Galois Counter Mode (GCM), instead of CBC.

An alternative is encrypt-then-MAC. Use PBKDF2 with 2 different salts to generate 2 different keys; first the data is encrypted using CBC with the first key, and then an HMAC is calculated on the ciphertext using the second key.

You also need to use single-use nonces to prevent replay attacks.
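The following is an added example, not code from the question or answer above, showing the encrypt-then-MAC construction the answer describes and why the unauthenticated CBC variant from the question is not enough. It derives two AES-256 keys from one passphrase with PBKDF2-HMAC-SHA256 under two different salts, encrypts with AES-CBC under a random IV sent with the ciphertext, and appends an HMAC-SHA256 over IV and ciphertext. The salt labels, iteration count and message contents are assumptions chosen for the demo; PBKDF2 is implemented inline from RFC 2898 (rather than taken from a library) so the block runs with only the Go standard library.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// pbkdf2HmacSha256 implements RFC 2898 PBKDF2 with HMAC-SHA256 as the PRF:
// T_i = U_1 xor ... xor U_c, U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}).
func pbkdf2HmacSha256(password, salt []byte, iterations, keyLen int) []byte {
	hLen := sha256.Size
	blocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, blocks*hLen)
	for i := 1; i <= blocks; i++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte{}, u...)
		for j := 1; j < iterations; j++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// pkcs7Pad / pkcs7Unpad handle the block padding CBC needs.
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// cbcEncrypt returns IV || AES-CBC(key, IV, pad(plaintext)); the IV is fresh
// random bytes sent alongside the ciphertext, never derived from the passphrase.
func cbcEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, aes.BlockSize+len(padded))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// cbcDecrypt is the unauthenticated decryption from the question: it accepts
// any input of the right length whose padding checks out, modified or not.
func cbcDecrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

type channelKeys struct{ enc, mac []byte }

// deriveChannelKeys derives the two keys the answer describes from one passphrase,
// using two different salts. The salt labels are assumed; both devices must agree on them.
func deriveChannelKeys(passphrase string, iterations int) channelKeys {
	return channelKeys{
		enc: pbkdf2HmacSha256([]byte(passphrase), []byte("device-link-enc-salt"), iterations, 32),
		mac: pbkdf2HmacSha256([]byte(passphrase), []byte("device-link-mac-salt"), iterations, 32),
	}
}

// sealMessage is encrypt-then-MAC: IV || ciphertext || HMAC-SHA256(macKey, IV || ciphertext).
func sealMessage(k channelKeys, plaintext []byte) ([]byte, error) {
	ct, err := cbcEncrypt(k.enc, plaintext)
	if err != nil {
		return nil, err
	}
	m := hmac.New(sha256.New, k.mac)
	m.Write(ct)
	return m.Sum(ct), nil
}

// openMessage verifies the tag in constant time before touching the ciphertext.
func openMessage(k channelKeys, msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size {
		return nil, errors.New("too short")
	}
	ct, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	m := hmac.New(sha256.New, k.mac)
	m.Write(ct)
	if !hmac.Equal(m.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	return cbcDecrypt(k.enc, ct)
}

// flipIVByte demonstrates CBC malleability: XOR-ing byte pos of the IV XORs
// byte pos of the first plaintext block with the same mask, with no key needed.
func flipIVByte(data []byte, pos int, mask byte) []byte {
	out := append([]byte{}, data...)
	out[pos] ^= mask
	return out
}
```

Flipping an IV byte and feeding the result to `cbcDecrypt` yields a plaintext with exactly the chosen byte changed, which is the predictable modification the answer warns about; `openMessage` rejects the same input because the HMAC no longer matches. Replay protection is not shown: in a real channel each message would additionally carry a single-use nonce or counter covered by the MAC, and the receiver would refuse values it has already seen.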

