securityencryptionhashcryptographyseed

Which procedure is more secure for encryption using Password and Seed


I am designing a procedure and file format for the encryption application. I came to a point when I need to make a decision regarding the method/workflow of the encryption. I can't make up my mind on pros vs cons of using one approach over another.

Below is an overview of the format structure:

------------------------------------------
| File signature || fixed    | plain     |
|----------------||----------|-----------|
| Algorithm info || fixed    | plain     |
|----------------||----------|-----------|
| Seed           || fixed    | encrypted |
|----------------||----------|-----------|
| Data           || variable | encrypted |
|----------------||----------|-----------|
| CRC            || fixed    | encrypted |
------------------------------------------

Initially, I am going to use SHA-256 for a Hash function and AES-256 for an Encryption algorithm, but later it will be configurable, as the format suggests.

Proposed procedure for creating encrypted container:

  1. Hash(Password) => Key-Pass
  2. Generate random Seed
  3. Key-Pass XOR Seed => Key-Seeded
  4. Encrypt Seed with Key-Pass and store encrypted Seed
  5. Encrypt Data with Key-Seeded and store encrypted Data
  6. Encrypt CRC with Key-Seeded and store encrypted CRC

Questions

A. Do I gain anything from storing encrypted Seed and CRC? Would it be less secure if I store them not encrypted?

B. Is it more or less or no difference in security of using [ Hash(Password + Seed) ] for key generation rather than prosed [ Hash(Password) XOR Seed ] for the final key?

C. A concluding question from two questions above. Would it be better or worse to use the alternative procedure for creating encrypted container:

  1. Hash(Password + Seed) => Key
  2. Store unencrypted Seed
  3. Encrypt Data with Key and store encrypted Data
  4. Store unencrypted CRC (or encrypted)

I guess I would have to store unencrypted Seed in order to regenerate Key on reading back the encrypted content. CRC can be either encrypted or unencrypted.


Solution

  • If you H(password) XOR with the seed, you need to store the seed encrypted, otherwise you will give away the hash. If you give away the hash, people can easily brute force it. That is why salt and a number of iterations is used on most protocols (like PBKDF2).

    You should never save the CRC unencrypted since a CRC gives information about the data within the encrypted container. Same as with a hash as Eacwacer suggested. You are better off using a MAC (also generated with the key generator for instance).

    As you asked for particular answers, I'll answer your questions below:

    A: better store it encrypted B: H(password | seed) is more secure C: difficult to say, the XOR is wrong and the plain CRC too, but I would still go for the second one

    And for the unasked one:

    D: pretty please with sugar on top, use a well known password based encryption algorithm instead and use a cryptographically secure way of integrity checking