LinuxQuestions.org
Old 02-28-2017, 02:38 PM   #1
MrUmunhum
Comparing encryption techniques RSA, Blowfish, etc?


Hi group,

I am writing a peer to peer C program and tried using RSA. I found during testing that RSA has a big problem. In my test program
Code:
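#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>

/* Link with -lcrypto. The RSA_* calls used here are deprecated since OpenSSL 3.0. */

typedef unsigned char uchar;

/* ANSI colour codes for the messages below */
#define RED  "\x1b[31m"
#define BLUE "\x1b[34m"
#define OFF  "\x1b[0m"

/* Hex dump of a buffer (the post did not show this helper; assumed behaviour) */
static void Dump( const void *Buf, int Len )  {
  const uchar *P = Buf;
  for( int i = 0; i < Len; i++ )
     printf( "%s%02x", ( i % 16 ) ? " " : "\n", P[i] );
  printf( "\n" );  }

int main() {  // main()

  char Key[] = "1234567890";
  unsigned  char Out[1024];
  unsigned  char In[ 1024];
  int       RC, L, RSA_Len;

  RSA *My_RSA = RSA_new();
  BIGNUM *bne = BN_new();
  BN_set_word( bne, RSA_F4 );

  RC = RSA_generate_key_ex( My_RSA, 2048, bne, NULL );
  BN_free( bne );

  if( RC != 1 || RSA_check_key( My_RSA ) != 1 )  {
     printf( RED "RSA Make Key Failed\n" OFF );
     return 1;  }
  else printf( BLUE "RSA check key good\n" OFF );

  L = strlen( Key );
  printf ( BLUE "Key: %s" OFF, Key );
  Dump( Key, L );

  /* Encrypt with the public key; the output is always RSA_size() bytes (256 here) */
  RSA_Len = RSA_public_encrypt( L,
				(uchar*) Key,
				(uchar*) In,
				My_RSA,
				RSA_PKCS1_OAEP_PADDING );
  if( RSA_Len < 0 )  {
     printf( RED "RSA encrypt failed\n" OFF );
     return 1;  }

  printf( BLUE "Encrypted: %d" OFF, RSA_Len );
  Dump( In, RSA_Len );

  /* Decrypt with the private key: length, source, destination, key, padding */
  int Out_Len;
  Out_Len = RSA_private_decrypt( RSA_Len,
				 (uchar*) In,
				 (uchar*) Out,
				 My_RSA,
				 RSA_PKCS1_OAEP_PADDING );
  if( Out_Len < 0 )  {
     printf( RED "RSA decrypt failed\n" OFF );
     return 1;  }

  printf( BLUE  "Decrypted: %d" OFF, Out_Len );
  Dump( Out, Out_Len );

  /* Out is not NUL-terminated, so compare length and bytes instead of strcmp() */
  if( Out_Len != L || memcmp( Key, Out, L ) != 0 )  {
     printf(   "Encrypt/Decrypt failed\n" );  }
  else printf( "Encrypt/Decrypt Passed\n" );

  RSA_free( My_RSA );
  return 0;  }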
I found that RSA created a 256 byte message from a 10 byte input string. I was told that this is due to padding? Further reading says that RSA without padding is insecure?

This seems like a real drawback to using RSA? Is there a way to use RSA and not create such a network intense load?

Thanks for your time.
 
Old 02-28-2017, 03:27 PM   #2
sundialsvcs
Padding is used to increase the security of RSA. See: this StackExchange post and this one.
Quote:
Textbook (non-padded ...) RSA has no semantic security, therefore it is not secure against chosen plaintext attacks or ciphertext attacks. This is because, respectively, it is deterministic (encrypting the same message twice produces the same ciphertext) and multiplicatively homomorphic (an encrypted value can be multiplicatively modified under encryption).
Don't be concerned if the ciphertext is longer than the plaintext: this is by design, and "surely your network can handle it."

As far as cryptographic security is concerned, the general rule is that "the cipher, itself" is never what actually fails. Instead, it's something about key management. Therefore, whenever possible, use an encryption suite that handles everything ... "aye, from beginning to end" ... in standard, peer-reviewed ways. Then, implement the suite in your application precisely as is recommended. Secure communications is "ook big voodoo," and these cats know what they're talking about.

All of the currently available civilian-grade encryption systems are sincerely believed (cryptographers never say "known") to provide more-than-enough security "for civilian purposes," provided that they are deployed in precisely the right way. It matters far less "which [modern ...] cipher you pick," than that you deploy the cipher the total communications infrastructure correctly.

(Yes, "your tax dollars are at work." NSA etc. is very heavily involved in cipher system peer-review. Part of their mission is to provide support and expertise to civilian communications security and best-practices.)

Last edited by sundialsvcs; 02-28-2017 at 08:13 PM.
 
2 members found this post helpful.
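
Added example, not part of any post in this thread: the behaviour quoted in post #2 (unpadded RSA is deterministic, OAEP is randomized) and the 256-byte output reported in post #1, reproduced with the openssl command-line tool rather than the C API. The key pair, the temporary file names and the function names are constructed for this demonstration.

```shell
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway 2048-bit key pair, generated only for this demonstration.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/priv.pem" 2>/dev/null
openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"

# The 10-byte string from the question (constructed sample input).
printf '1234567890' > "$WORK/msg"
# Raw RSA takes exactly one modulus-sized block: left-pad with zero bytes to 256.
{ head -c 246 /dev/zero; cat "$WORK/msg"; } > "$WORK/block"

# rsa_encrypt MODE INFILE OUTFILE, where MODE is "oaep" or "none" (no padding).
rsa_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -pkeyopt "rsa_padding_mode:$1" -in "$2" -out "$3"
}

# encrypts_identically MODE INFILE: succeeds if two encryptions of the same
# input give byte-identical ciphertexts, i.e. the scheme is deterministic.
encrypts_identically() {
    rsa_encrypt "$1" "$2" "$WORK/c1"
    rsa_encrypt "$1" "$2" "$WORK/c2"
    cmp -s "$WORK/c1" "$WORK/c2"
}

# ciphertext_size MODE INFILE: prints the ciphertext length in bytes.
ciphertext_size() {
    rsa_encrypt "$1" "$2" "$WORK/c"
    wc -c < "$WORK/c" | tr -d ' '
}

if encrypts_identically none "$WORK/block"; then
    echo "no padding: same ciphertext both times (deterministic)"
fi
if ! encrypts_identically oaep "$WORK/msg"; then
    echo "OAEP: ciphertexts differ (randomized)"
fi
echo "OAEP output for 10 bytes: $(ciphertext_size oaep "$WORK/msg") bytes"
```

The output size is the modulus size (2048 bits = 256 bytes) in both modes; OAEP spends part of that block on random padding, which is why the same 10 bytes never encrypt to the same ciphertext twice.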
Old 02-28-2017, 03:48 PM   #3
astrogeek
Quote:
Originally Posted by MrUmunhum
I found that RSA created a 256 byte message from a 10 byte input string. I was told that this is due to padding? Further reading says that RSA without padding is insecure?
A ten byte encryption of a ten byte input string can be NOTHING other than character and/or bit transpositions... easily brute forced and trivial to break regardless of how clever the transposition algorithm might be.

ONE of the things that encryption does is to conceal all knowledge of the encrypted message length by padding at some point in the encryption process.

Last edited by astrogeek; 02-28-2017 at 03:49 PM. Reason: added bits to be complete
 
2 members found this post helpful.
Old 02-28-2017, 03:54 PM   #4
MrUmunhum
Excellent comments. Thanks.
 
Old 02-28-2017, 08:09 PM   #5
ntubski
Quote:
Originally Posted by MrUmunhum
Is there a way to use RSA and not create such a network intense load?
You encrypt only a single symmetric key with RSA, then use the symmetric algorithm to encrypt the rest of your data. No practical system uses just RSA by itself.

https://en.wikipedia.org/wiki/Hybrid_cryptosystem
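
Added example, not written by any poster in this thread: the hybrid scheme post #5 describes, using the openssl command-line tool. Assumptions of this example that the thread does not state: AES-256-CTR with HMAC-SHA256 (encrypt-then-MAC) for the bulk data, and a made-up on-disk layout of four files (wrapped_key, iv, body, tag).

```shell
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Recipient's throwaway RSA key pair (demonstration only).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/priv.pem" 2>/dev/null
openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
hex() { od -An -v -tx1 | tr -d ' \n'; }

# aes_ctr DIR INFILE OUTFILE: AES-256-CTR keyed with the first 32 bytes of
# $WORK/keys; CTR is its own inverse, so this both encrypts and decrypts.
# -K puts the key on the command line (visible in ps): demo only.
aes_ctr() {
    openssl enc -aes-256-ctr -K "$(head -c 32 "$WORK/keys" | hex)" \
        -iv "$(hex < "$1/iv")" -in "$2" -out "$3"
}

# mac DIR: HMAC-SHA256 over iv||body, keyed with the last 32 bytes of $WORK/keys.
mac() {
    cat "$1/iv" "$1/body" | openssl dgst -sha256 -mac HMAC \
        -macopt "hexkey:$(tail -c 32 "$WORK/keys" | hex)" -binary
}

# seal INFILE DIR: fresh keys and IV per message; only the 64 key bytes go through RSA.
seal() {
    mkdir -p "$2"
    openssl rand -out "$WORK/keys" 64
    openssl rand -out "$2/iv" 16
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/keys" -out "$2/wrapped_key"
    aes_ctr "$2" "$1" "$2/body"
    mac "$2" > "$2/tag"
}

# open_sealed DIR OUTFILE: unwrap the keys, verify the tag, then decrypt.
open_sealed() {
    openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/wrapped_key" -out "$WORK/keys" || return 1
    mac "$1" > "$WORK/tag.chk"
    cmp -s "$1/tag" "$WORK/tag.chk" || return 1
    aes_ctr "$1" "$1/body" "$2"
}
sealed_size() { cat "$1/wrapped_key" "$1/iv" "$1/body" "$1/tag" | wc -c | tr -d ' '; }

head -c 100000 /dev/urandom > "$WORK/data"     # constructed sample payload
seal "$WORK/data" "$WORK/msg"
open_sealed "$WORK/msg" "$WORK/out" && cmp "$WORK/data" "$WORK/out"
echo "100000 bytes in, $(sealed_size "$WORK/msg") bytes on the wire"
```

The RSA cost is a fixed 256 bytes per message plus 16 bytes of IV and 32 bytes of tag, however large the payload is.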
 
Old 03-01-2017, 08:34 AM   #6
sundialsvcs
Quote:
Originally Posted by ntubski
You encrypt only a single symmetric key with RSA, then use the symmetric algorithm to encrypt the rest of your data. No practical system uses just RSA by itself.

https://en.wikipedia.org/wiki/Hybrid_cryptosystem
... and this is exactly what well-known systems such as PGP® or GPG already do [for you].

The world of crypto is fraught with traps for the earnest and well-meaning "do it yourselfer," including for example how the symmetric key is chosen, and how it is periodically changed (during a telecommunications session). All the more reason to use an industry-standard, peer-reviewed library to perform the total task of encryption and key-management.
 
  

