<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 18, 2014 at 12:35 AM, <span dir="ltr"><<a href="mailto:mkobetic@gmail.com" target="_blank">mkobetic@gmail.com</a>></span> wrote:<br>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">With stream ciphers (or block cipher in modes that emulate a stream cipher, e.g. OFB, CTR) you absolutely must not reuse the same key to encrypt different data (</span><a href="http://en.wikipedia.org/wiki/Stream_cipher_attack" target="_blank" style="font-family:arial,sans-serif;font-size:13.333333969116211px">http://en.wikipedia.org/wiki/Stream_cipher_attack</a><span style="font-family:arial,sans-serif;font-size:13.333333969116211px">). You could try to devise a way to avoid re-using the exact same key, e.g. generate the encryption key by mixing in a unique id of the field that you're encrypting along with the password, but unless you really know what you're doing, it's quite easy to make a fatal mistake in your design. Best way to do this is to stick with standard solutions. You're trying to use passwords for encryption, so your standard options would be PKCS#5, bcrypt or scrypt.</span><br>
</div></blockquote><div><br></div><div>Martin had a fantastic presentation a few years ago at StS (or was it ESUG) where he started off showing slides based on a stock yellow-on-blue Powerpoint template. It was about how to use VisualWorks encryption packages; interesting from a technical point of view, but visually pretty dull. Then he starts demonstrating by selecting regions of his slides and encrypting them on the spot. The encrypted areas were just rectangular holes in the slide filled with noise. Then he selected two regions of the slide, encrypted them with the same key, and xored them together. Despite the overlap of the two regions, you could easily make out the content of the slide. It was the best demonstration of a mathematical concept I've ever seen.</div>
<div><br></div><div>Colin</div></div></div></div>