[Vulnerability] Repeating patterns in encrypted files #4

TypicalHog · 2018-06-09T16:11:45Z

When the file is split into 256-byte blocks attacker can identify the blocks or parts of blocks that contain the same data (but not the data itself). Every individual byte with the same value and the same relative position in the block will always encrypt to the same output value, attacker will encounter false positives but this could still be very helpful to them.

Example with 4-byte blocks:

AAAAABCDGFGAAAAA -> FABDFCCEABADFABD (it might look random at first glance, but it's not)

Input:  [(A)AA(A)] (A)BCD GFG(A) [AAAA]
Output: [(F)AB(D)] (F)CCE ABB(D) [FABD]

This will be fixed in the future release.

The text was updated successfully, but these errors were encountered:

TypicalHog · 2018-06-18T15:42:38Z

This can be fixed by chaining the blocks together or by encrypting the key with itself after each 256-byte chunk of plaintext.

TypicalHog added enhancement vulnerability labels Jun 9, 2018

TypicalHog self-assigned this Jun 9, 2018

TypicalHog changed the title ~~[Vulnerability] Repeating patterns within 256-byte blocks~~ [Vulnerability] Repeating patterns within the encrypted file Jun 9, 2018

TypicalHog changed the title ~~[Vulnerability] Repeating patterns within the encrypted file~~ [Vulnerability] Repeating patterns in the encrypted file Jun 9, 2018

TypicalHog changed the title ~~[Vulnerability] Repeating patterns in the encrypted file~~ [Vulnerability] Repeating patterns in encrypted files Jun 10, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Vulnerability] Repeating patterns in encrypted files #4

[Vulnerability] Repeating patterns in encrypted files #4

TypicalHog commented Jun 9, 2018

TypicalHog commented Jun 18, 2018

[Vulnerability] Repeating patterns in encrypted files #4

[Vulnerability] Repeating patterns in encrypted files #4

Comments

TypicalHog commented Jun 9, 2018

TypicalHog commented Jun 18, 2018