martinbuchler79
Hi,

I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?

Thanks!

rpaprocki
Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p

Ian Biggs
I wouldn’t increment the IV. Generate a random one.
The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bit counterintuitive IMHO.
You could use something like
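    local ivLength = 16 -- or whatever you need/want
    local iv = ""       -- start from an empty string so the concatenation below works
    for i = 1, ivLength do
        iv = iv .. string.char(math.random(32, 126)) -- append one printable ASCII character
    end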
Does that help?

From: Martin Buchler
Sent: 15 February 2018 20:49
To: openresty-en
Subject: Re: [openresty-en] Easiest way to increment initialization vector by integer

No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.

rpaprocki
If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.

martinbuchler79
I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped.

I hope that explains my requirement more clearly.

rpaprocki
You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.

Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.

martinbuchler79
I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)

rpaprocki
My mistake, I missed your reference to CTR mode in your first message.

Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.

martinbuchler79
Thank you, that looks like a good route to take.
Any suggestions on how to do this efficiently?Thanks!.
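
An added example (not code from the thread or from lua-resty-string) of seeking into an AES-CTR stream: the counter is advanced byte by byte with carry, because numbers in OpenResty's LuaJIT are doubles, exact only up to 2^53, so a 128-bit IV does not survive a round trip through tonumber(). It assumes the 16-byte IV is the initial counter block and that the cipher increments it as one big-endian integer per 16-byte block; `seek_ctr_iv`, its helpers and the sample IV are constructed for illustration.

```lua
-- Added example, not code from the thread or from lua-resty-string.
-- Assumption: the 16-byte IV is the initial counter block and the cipher
-- increments it as one big-endian 128-bit integer per 16-byte block.

local BLOCK_SIZE = 16

-- Decode a hex string into an array of byte values, most significant first.
local function hex_to_bytes(hex)
    if type(hex) ~= "string" or #hex % 2 ~= 0 or hex:find("[^%x]") then
        return nil, "IV must be an even-length hex string"
    end
    local bytes = {}
    for pair in hex:gmatch("%x%x") do
        bytes[#bytes + 1] = tonumber(pair, 16)
    end
    return bytes
end

-- Add n (an integer, 0 <= n < 2^53) to a big-endian byte array in place,
-- wrapping modulo 2^(8 * #bytes). Working one byte at a time keeps every
-- intermediate value small enough to be exact in a double.
local function add_to_counter(bytes, n)
    local carry = 0
    for i = #bytes, 1, -1 do
        if n == 0 and carry == 0 then break end
        local sum = bytes[i] + (n % 256) + carry
        bytes[i] = sum % 256
        carry = math.floor(sum / 256)
        n = math.floor(n / 256)
    end
    return bytes
end

-- Hypothetical helper: given the file's IV (hex) and a byte offset into the
-- ciphertext, return the counter block (hex) for the block that contains
-- that offset, plus the number of bytes to skip inside that block.
local function seek_ctr_iv(iv_hex, offset)
    if type(offset) ~= "number" or offset < 0 or offset % 1 ~= 0
            or offset >= 2^53 then
        return nil, "offset must be a non-negative integer below 2^53"
    end
    local bytes, err = hex_to_bytes(iv_hex)
    if not bytes then
        return nil, err
    end
    if #bytes ~= BLOCK_SIZE then
        return nil, "AES counter block must be 16 bytes (32 hex digits)"
    end

    -- The counter advances once per 16-byte block, not once per byte.
    local blocks = math.floor(offset / BLOCK_SIZE)
    local skip = offset % BLOCK_SIZE
    add_to_counter(bytes, blocks)

    local out = {}
    for i, b in ipairs(bytes) do
        out[i] = string.format("%02x", b)
    end
    return table.concat(out), skip
end

-- Constructed sample IV whose low bytes sit just below a carry boundary.
local iv = "000102030405060708090a0b0cfffffe"
-- 40 bytes into the stream = 2 whole blocks plus 8 bytes into the third.
local new_iv, skip = assert(seek_ctr_iv(iv, 40))
print("counter block for offset 40:", new_iv)
print("bytes to discard in that block:", skip)
```

To decrypt from the requested offset, start reading the ciphertext at the block boundary (`offset - skip`), decrypt with the returned counter block as the IV, and drop the first `skip` bytes of the output.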
rpaprocki

You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.

Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.

On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:
> I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.

martinbuchler79

I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)

On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:
> You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.
>
> Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.
martinbuchler79

I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.

On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:
> If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.
martinbuchler79 Thank you, that looks like a good route to take.
I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. 
So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. 
However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. rpaprocki My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. 
The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. 
However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. 
The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. 
However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? 
Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. rpaprocki My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. 
During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.

Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.

On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:
I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.

On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:
If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.

martinbuchler79
Thank you, that looks like a good route to take.

On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:
My mistake, I missed your reference to CTR mode in your first message.

Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.

On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:
I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
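The counter arithmetic discussed in this thread, as an added example that is not code from any of the posts or from lua-resty-string. It assumes the whole counter block is one big-endian integer that advances by 1 per 16-byte AES block; `hex_add` and `ctr_seek` are hypothetical helper names, and the sample counter block is constructed.

```lua
-- Added example, not code from the thread. Plain Lua 5.1 / LuaJIT, no libraries.
local BLOCK = 16  -- AES block size in bytes

-- Add a non-negative integer to a big-endian counter given as a hex string.
-- The addition runs byte by byte with carry, so the counter can be any width;
-- overflow wraps modulo 2^(8 * number of bytes), like a fixed-width register.
local function hex_add(hex, n)
  assert(#hex > 0 and #hex % 2 == 0 and not hex:find("%X"),
         "expected a non-empty, even-length hex string")
  assert(type(n) == "number" and n >= 0 and n == math.floor(n) and n <= 2^53,
         "increment must be an exactly representable non-negative integer")
  local bytes = {}
  for pair in hex:gmatch("%x%x") do
    bytes[#bytes + 1] = tonumber(pair, 16)
  end
  local carry = n
  for i = #bytes, 1, -1 do
    if carry == 0 then break end
    local sum = bytes[i] + carry % 256
    bytes[i] = sum % 256
    carry = math.floor(carry / 256) + math.floor(sum / 256)
  end
  for i = 1, #bytes do
    bytes[i] = string.format("%02x", bytes[i])
  end
  return table.concat(bytes)
end

-- For a byte offset into a CTR stream, return the counter block to start from
-- and the number of leading bytes of that block's output to discard.
-- Assumption: the counter advances once per 16-byte block, not once per byte.
local function ctr_seek(iv_hex, byte_offset)
  local skip = byte_offset % BLOCK
  local blocks = (byte_offset - skip) / BLOCK
  return hex_add(iv_hex, blocks), skip
end

-- Constructed 16-byte counter block whose low bytes force a multi-byte carry.
local iv16 = "000102030405060708090a0b0cfffffe"
for _, offset in ipairs({0, 15, 16, 37, 4096}) do
  local counter, skip = ctr_seek(iv16, offset)
  print(offset, counter, skip)
end

-- Why tonumber(iv, 16) + n is not enough on Lua 5.1 / LuaJIT: numbers there are
-- doubles, exact only up to 2^53, so a small increment to a wide value is
-- rounded away. The hex string is the example value from the question.
local naive = tonumber("1234567890abcdef", 16)
print("naive +1 changes the value:", naive + 1 ~= naive)
print("bytewise +1:", hex_add("1234567890abcdef", 1))
```

To decrypt from the middle of a file, start reading ciphertext at the block boundary (offset minus the returned skip), pass the returned counter block as the IV, and drop the first skip bytes of the output.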
I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. 
:p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. rpaprocki My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. 
Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. 
Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. 
I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. rpaprocki My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. 
So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. 
Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. 
So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. 
Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. rpaprocki My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. 
So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. 
Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. 
So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. 
Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:

If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.

On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:

I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.

On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:

You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.

Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.

On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:

I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)

On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:

My mistake, I missed your reference to CTR mode in your first message.

Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.

martinbuchler79

Thank you, that looks like a good route to take.
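The counter arithmetic the thread is asking about, as an added example that is not part of any poster's message: it adds to the hex IV digit by digit, because LuaJIT numbers are doubles that are exact only up to 2^53, and it advances the counter once per 16-byte block rather than once per byte. It assumes the IV is the initial counter block and is incremented as one big-endian integer over its full width; `hex_add` and `ctr_seek` are hypothetical names and the sample IV is constructed.

```lua
-- Added example, not code from the thread. hex_add and ctr_seek are
-- hypothetical names; the sample IV below is constructed.
-- Assumption: the IV is the initial counter block, and the cipher increments
-- it once per 16-byte AES block as a single big-endian integer.

local BLOCK_SIZE = 16

-- Add the non-negative integer n to a big-endian hex string one digit at a
-- time, so the result is exact however long the IV is. The width is kept and
-- the value wraps on overflow, as a fixed-width counter does.
local function hex_add(hex, n)
  assert(type(hex) == "string" and #hex > 0 and not hex:find("%X"),
         "IV must be a non-empty hex string")
  assert(type(n) == "number" and n >= 0 and n == math.floor(n) and n < 2^52,
         "n must be a non-negative integer below 2^52")
  local out = {}
  local carry = n
  for i = #hex, 1, -1 do
    -- Current digit plus whatever is still to be added at this position.
    local sum = tonumber(hex:sub(i, i), 16) + carry
    out[i] = string.format("%x", sum % 16)
    carry = math.floor(sum / 16)
  end
  return table.concat(out)
end

-- Translate a byte offset into the ciphertext into:
--   counter : hex counter block to hand to the cipher as its IV
--   aligned : offset of the block containing byte_offset (start reading here)
--   discard : leading bytes of the decrypted output to drop
local function ctr_seek(iv_hex, byte_offset)
  assert(type(byte_offset) == "number" and byte_offset >= 0
         and byte_offset == math.floor(byte_offset),
         "byte_offset must be a non-negative integer")
  local blocks = math.floor(byte_offset / BLOCK_SIZE)
  local discard = byte_offset % BLOCK_SIZE
  return hex_add(iv_hex, blocks), blocks * BLOCK_SIZE, discard
end

-- Constructed 16-byte IV whose low 32 bits are about to carry.
local iv = "000102030405060708090a0bfffffffe"
for _, offset in ipairs({ 0, 16, 37, 1048576 }) do
  local counter, aligned, discard = ctr_seek(iv, offset)
  print(string.format("offset %-8d counter %s  read from %d, discard %d",
                      offset, counter, aligned, discard))
end
```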
You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? 
Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. 
During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? 
Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. 
:p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). 
But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". 
Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. 
On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. 
I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!. martinbuchler79 Thank you, that looks like a good route to take. On Thursday, February 15, 2018 at 11:41:33 PM UTC+1, rpaprocki wrote:My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. 
So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. 
Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
My mistake, I missed your reference to CTR mode in your first message.Anyway, if the question is "how do I increment a hex-encoded value", Lua's tonumber() can read hex strings when given a base of 16. So you can convert the IV to a number type and do the arithmetic you need from there.On Thu, Feb 15, 2018 at 2:27 PM, Martin Buchler <martinb...@gmail.com> wrote:I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)On Thursday, February 15, 2018 at 11:17:55 PM UTC+1, rpaprocki wrote:You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.On Thu, Feb 15, 2018 at 1:54 PM, Martin Buchler <martinb...@gmail.com> wrote:I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.On Thursday, February 15, 2018 at 10:34:11 PM UTC+1, rpaprocki wrote:If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? 
math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.On Thu, Feb 15, 2018 at 1:17 PM, Ian Biggs <ibi...@f2s.com> wrote:I wouldn’t increment the IV. Generate a random one. The purpose of the IV is to break up repeated sequences so using a regular pattern to increment the IV is a bitcounter intuitive IMHO. You could use something like local ivLength = 16 -- or whatever you need/want for i = 1 , ivLength do iv = iv .. string.char(math.random(32,126))end Does that help? Sent from Mail for Windows 10 From: Martin BuchlerSent: 15 February 2018 20:49To: openresty-enSubject: Re: [openresty-en] Easiest way to increment initialization vector by integer No, I'm using the crypto lib that lua-resty-string provides. However, I don't think there's something available already that fits my needs.On Thursday, February 15, 2018 at 9:14:34 PM UTC+1, rpaprocki wrote:Are you rolling your own crypto lib in Lua? Is there any reason you can't use an existing library, either written in pure Lua or via some C/FFI binding? There's not a lot of detail to go on in this message, but it's scary to think about the consequences of what this could lead to. The answer to 'how do I roll my own crypto lib' is always 'dont'. :p On Thu, Feb 15, 2018 at 12:05 PM, Martin Buchler <martinb...@gmail.com> wrote:Hi,I need to increment an initialization vector by an integer value. The iv is present as a hex string, e.g. "1234567890abcdef". Since I want to decrypt an AES CTR ciphertext, and I am skipping the first X bytes, I need to increment the iv by X. Any suggestions on how to do this efficiently?Thanks!.
I think you misunderstand - please have a look at https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)
You're misunderstanding how CBC and IVs work. The IV is only needed as an initial vector (hence its name) to act as the XOR pair for the first block of text. During decryption any subsequent blocks in the ciphertext message only rely on the value of the previous ciphertext block, not the decrypted value of that block. So the IV here is useless. The IV is not adjusted at all during the decryption routine.

Perhaps think more closely and carefully about the system you're designing here, and ask yourself some questions about what you're doing, why you're doing it, and if there's maybe a saner way to achieve your goal. Morbid curiosity begs the question of what you're trying to accomplish.
I might not have expressed myself clearly, sorry: the IV is determined by the file I am trying to decrypt, as well as the key (obviously). But I am not decrypting the file from the beginning, where I could just use the IV I have, but from somewhere in the middle. Thus I need to adjust the IV the same way the decryption algorithm would have, which is incrementing the IV by the number of rounds skipped. I hope that explains my requirement more clearly.
If the IV should be unpredictable at encryption time, shouldn't the IV be generated from a secure source? math.random is not a CSPRNG; it would be little better than using an incrementing value if the RNG state were to be compromised/leaked.