Skip to content

Instantly share code, notes, and snippets.

@hamsolodev

hamsolodev/deft-113.md

Created October 29, 2013 02:29
Show Gist options
  • Save hamsolodev/7208258 to your computer and use it in GitHub Desktop.
Save hamsolodev/7208258 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
deft-113.md

Nice illustration of importance of MAC use in encryption

Without use of MAC, it’s easy to mess with the IV to change the result of “successfully decrypting” ciphertext.

First, create some plaintext:

echo Give Eve \$500 > plaintext.dat

cat plaintext.dat

Give Eve $500

And examine a hex dump of the file, too:

od -x plaintext.dat

0000000 6947 6576 4520 6576 2420 3035 0a30 0000016

Now, encrypt the file:

openssl enc -aes-128-cbc -iv 00000000000000000000000000000000 -pass pass:hunter2 -in plaintext.dat -out ciphertext.dat

And examine a hex dump of the file:

od -x ciphertext.dat

0000000 6153 746c 6465 5f5f 016e 23d6 26d4 d3eb 0000020 eb89 ff1c cce9 8e02 6597 63a8 84db 1b2e 0000040

Check out the file can be decrypted:

openssl enc -d -aes-128-cbc -iv 00000000000000000000000000000000 -pass pass:hunter2 -in ciphertext.dat

Fun stuff

Now, muck around with the IV!

openssl enc -d -aes-128-cbc -iv 00000000000000000000030000000000 -pass pass:hunter2 -in ciphertext.dat

Give Eve $600

openssl enc -d -aes-128-cbc -iv 00000000000719070000030000000000 -pass pass:hunter2 -in ciphertext.dat

Give Bob $600

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment