Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

On my site, users can download files which are stored on public hosting, so I ne

ID: 647794 • Letter: O

Question

On my site, users can download files which are stored on public hosting, so I need to encrypt them. A downloaded file is divided into blocks of 1 kB and I want encrypt them individually, using the same key. I have read that the best option for performing the encryption is AES, but I don't know which mode should I use.

Also, I want also ask, is using similar keys insecure? If that practice is safe, I needn't generate long keys and store them, because all can have same beginning. The main problem is user could find the encrypted files, then they will have the file both before we perform encryption, and afterways; does this raise the possibility of finding the key?

Explanation / Answer

If you don't allow changes, renames and overwrites then you could create an IV by hashing (e.g. with SHA-256) the unique location of the file. If you want to allow changes/renames/rewrites you could re-encrypt with an IV that also uses the time of the change, if that is unique and stored reliably. That is, if you want to keep the size of the files to the one stated. If you are OK with slightly larger files, it is better to prefix a random IV.

Once you've got your randomized IV then you can encrypt with any secure mode. CBC would be an option, or CTR mode encryption. If you always use exact file sizes then you may be able to forgo padding - only do this if 1KB is the maximum size, otherwise perform PKCS#7 padding. You may reuse your key as long as the IV remains unique. In response to the question, yes, this would be protected against known plaintext attacks.

If your keys are similar then you've got a big problem. You should use random keys or use a password based key derivation function (PBKDF) to derive keys from passwords. Even then, you would require quite a strong password, as offline attacks seem possible.

Related Questions

On its schedule of liquidation, what is the cash balance on March 31? Question 2
Question #2429664
On its website, the Statesman Journal newspaper (Salem, Oregon, 2005) reports mo
Question #3074254
On its website, the Statesman Journal newspaper (Salem, Oregon, 2005) reports mo
Question #3270984
On its website, the Statesman Journal newspaper (Salem, Oregon, 2005) reports mo
Question #3277160
On its website, the Statesman Journal newspaper (Salem, Oregon, 2005) reports mo
Question #3297599
On its website, the Statesman Journal newspaper (Salem, Oregon, 2005) reports mo
Question #3303776
On jan 1 2011, martha carnes, fresh out of college, contributed $10,000 for a 30
Question #2497332
On january 1 2010, Yeargan company obtained an 88,000, seven year 5% installment
Question #2367772
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
On my old 256MB RAM, pc I get this message. (I guess it is quite common) Windows
Next
On national fried butterstick day, Buttercup the dog eats too many fried butters

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.