Question on encryption with RNCryptor

[Andrew Hart]

Hey,

I'm not an expert on encryption so I thought I'd be safest putting my concerns to those who are more familiar.

I've started using RNCryptor in my iOS app. The encryption process may look something like as follows:

    let textData = text.dataUsingEncoding(NSUTF8StringEncoding)

    if textData == nil {
        return nil
    }
   
    let encryptedTextData = RNCryptor.encryptData(textData!, password: encryptionKey)

I have a few concerns:

1. If a user doesn't have access to the encryption key, but there were multiple strings encrypted with the same encryption key, would they be able to figure out what the encryption key is?

2. If a user knows the contents of one of the strings, for example "Test String", would they be able to figure out the encryption key using that knowledge, and thus access the other strings?

3. If yes to 2, would adding a series of random characters to the end of each string (lets say 20 characters) secure me from that type of attack? If someone had that knowledge, would it be easy for them to remove the last 20 characters and decrypt the remaining string?

[Rob Napier]

1. If a user doesn't have access to the encryption key, but there were multiple strings encrypted with the same encryption key, would they be able to figure out what the encryption key is?

No, for several reasons. First, in your code, "encryptionKey" is not a key. It is a password. RNCryptor mixes passwords with a random salt and then stretches the password into a key using PBKDF2. Because of the random salt, no two messages are encrypted with the same key.

Even if you used the key-based encryption methods, and passed the same key, RNCryptor generates a random IV, which prevents two identical messages from encrypting to the same cipher text. This also prevents the attack you're describing.

2. If a user knows the contents of one of the strings, for example "Test String", would they be able to figure out the encryption key using that knowledge, and thus access the other strings?

No, for the same reasons.

3. If yes to 2, would adding a series of random characters to the end of each string (lets say 20 characters) secure me from that type of attack? If someone had that knowledge, would it be easy for them to remove the last 20 characters and decrypt the remaining string?

 

If RNCryptor had this problem, then you would achieve what you're describing by *prepending* those extra bytes to the beginning of the message, not the end. The cipher text of each block is mixed with the next block, so prepending data causes a random cascade through the rest of the message. Those prepended bytes are precisely the IV (the "initialization vector") discussed above, and are exactly how this kind of attack is prevented.

-Rob

--
You received this message because you are subscribed to the Google Groups "rncryptor" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rncryptor+...@googlegroups.com.
Visit this group at https://groups.google.com/group/rncryptor.
For more options, visit https://groups.google.com/d/optout.

--

Rob Napier
Cocoaphony blog -- http://robnapier.net/blog

iOS Programming Pushing the Limits -- http://robnapier.net/book

[Rob Napier]

(Not sure you got copied on the original response.)

BTW, all of your questions are very legitimate attacks against encryption schemes, and many very popular approaches to encryption do suffer these problems. RNCryptor was developed specifically to help people avoid these common mistakes.

-Rob