[squeak-dev] Re: [Pharo-dev] FFI blowfish for encrypting / decrypting [WAS] Re: How to encrypt a password?

Colin Putney colin at wiresong.com
Tue Feb 18 14:12:18 UTC 2014


On Tue, Feb 18, 2014 at 12:35 AM, <mkobetic at gmail.com> wrote:


> With stream ciphers (or block cipher in modes that emulate a stream
> cipher, e.g. OFB, CTR) you absolutely must not reuse the same key to
> encrypt different data (http://en.wikipedia.org/wiki/Stream_cipher_attack).
> You could try to devise a way to avoid re-using the exact same key, e.g.
> generate the encryption key by mixing in a unique id of the field that
> you're encrypting along with the password, but unless you really know what
> you're doing, it's quite easy to make a fatal mistake in your design. Best
> way to do this is to stick with standard solutions. You're trying to use
> passwords for encryption, so your standard options would be PKCS#5, bcrypt
> or scrypt.
>

Martin had a fantastic presentation a few years ago at StS (or was it ESUG)
where he started off showing slides based on a stock yellow-on-blue
PowerPoint template. It was about how to use VisualWorks encryption
packages; interesting from a technical point of view, but visually pretty
dull. Then he starts demonstrating by selecting regions of his slides and
encrypting them on the spot. The encrypted areas were just rectangular
holes in the slide filled with noise. Then he selected two regions of the
slide, encrypted them with the same key, and xored them together. Despite
the overlap of the two regions, you could easily make out the content of
the slide. It was the best demonstration of a mathematical concept I've
ever seen.

Colin
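
The keystream reuse discussed in this thread, as an added Python example that is not part of the original messages: XORing two ciphertexts made with the same key cancels the keystream and leaves the XOR of the plaintexts, while deriving a separate key per field with PKCS#5 PBKDF2 and a random salt removes that relation. The HMAC-based keystream is a toy stand-in for a stream cipher or CTR/OFB mode, and all names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, n: int) -> bytes:
    """Toy CTR-style keystream (illustrative stand-in, not a vetted cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stream encryption: ciphertext = plaintext XOR keystream(key)
    return xor(plaintext, keystream(key, len(plaintext)))


def field_key(password: bytes, salt: bytes) -> bytes:
    """PKCS#5 PBKDF2: password plus salt gives a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)


# Constructed sample data: two database fields protected by one password.
PASSWORD = b"example-password"
FIELD_A = b"email=alice@example.org "
FIELD_B = b"notes=renewal due in May"


def reused_key_leaks() -> bool:
    """Same salt for both fields means same key and same keystream."""
    key = field_key(PASSWORD, b"same-salt-everywhere")
    c1, c2 = encrypt(key, FIELD_A), encrypt(key, FIELD_B)
    return xor(c1, c2) == xor(FIELD_A, FIELD_B)  # keystream cancels out


def per_field_salt_leaks() -> bool:
    """Fresh random salt per field (stored beside the ciphertext)."""
    c1 = encrypt(field_key(PASSWORD, os.urandom(16)), FIELD_A)
    c2 = encrypt(field_key(PASSWORD, os.urandom(16)), FIELD_B)
    return xor(c1, c2) == xor(FIELD_A, FIELD_B)


if __name__ == "__main__":
    print("reused key leaks P1 xor P2:", reused_key_leaks())
    print("per-field salt leaks P1 xor P2:", per_field_salt_leaks())
```

The salt is not secret and has to be stored with each ciphertext so the key can be re-derived for decryption.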