in reply to Customer data encryption

I just have time for a quick note/correction.

Output is encrypted using this key with a fast symmetric method i.e. Crypt::CBC(?)

Most ciphers encrypt small, fix-sized blocks. (Usually blocks of exactly 8 or 16 bytes.) Crypt::CBC provides padding (for when the length isn't a multiple of the required block size) and chaining (for when there is more than one block of data).

Crypt::CBC adds two measures of security. Each block is encrypted with a different key, and salt is added (causing a plaintext to result in a different cyphertext every time it's encrypted).

In short, Crypt::CBC converts a block cipher (AES, Blowfish, etc) into a stream cipher in a safe fashion. Crypt::CBC is *not* a cipher itself. It only provides the previously mentioned features. Modules such as Crypt::Rijndael (aka AES), Crypt::Blowfish and Crypt::Twofish provide the actual encryption.

Block ciphers (such as Crypt::Rijndael, Crypt::Blowfish, Crypt::Twofish) should not be used directly. They should be used through Crypt::CBC.

  • Comment on Re: Customer data encryption (Crypt::CBC)

Replies are listed 'Best First'.
Re^2: Customer data encryption (Crypt::CBC)
by 0xbeef (Hermit) on Feb 25, 2007 at 13:42 UTC
    Thanks, I understand this better now. I'd probably want to use AES-256 in this case. I should have said that I'm planning to use Crypt::CBC with a Rijndael cipher