The initial vector is transmitted directly in plaintext
HUANGChaoLi opened this issue · 4 comments
HUANGChaoLi commented
```go
func (c *Conn) Write(b []byte) (n int, err error) {
	var iv []byte
	if c.enc == nil {
		iv, err = c.initEncrypt()
		if err != nil {
			return
		}
	}
	cipherData := c.writeBuf
	dataSize := len(b) + len(iv)
	if dataSize > len(cipherData) {
		cipherData = make([]byte, dataSize)
	} else {
		cipherData = cipherData[:dataSize]
	}
	if iv != nil {
		// Put initialization vector in buffer, do a single write to send both
		// iv and data.
		copy(cipherData, iv)
	}
	c.encrypt(cipherData[len(iv):], b)
	n, err = c.Conn.Write(cipherData)
	return
}
```
The format is fixed like: | iv | ciphertext |, so the initial vector will be known, and it does not play its role.
Maybe it's safer to use the Diffie-Hellman key exchange algorithm in the handshake phase.
arthurkiller commented
TCP is a stream for both sides. You can't read explicitly part of the stream without more information.
HUANGChaoLi commented
If the entire connection is monitored, then all information will be cracked.
Because I can get the key in the stream, this may be a vulnerability.
Thanks for listening.
arthurkiller commented
Nope. Shadowsocks handshake is encrypted by the given cipher.
HUANGChaoLi commented
Oh, I made a mistake; I mean the initial vector will be known, and this may be a vulnerability.
So the mode is equivalent to ECB mode and the initial vector does not play its role.
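The two properties under discussion in this thread (the `| iv | ciphertext |` framing from the first comment, and the claim in the last comment that a public IV makes the mode equivalent to ECB) can both be checked directly. The following is an added, self-contained example and is not code from the shadowsocks project; it assumes AES-256-CFB as the stream cipher, a constructed 32-byte key (`demoKey`), and helper names (`sealFrame`, `sealFrameWithIV`, `openFrame`, `hasRepeatedBlocks`) that are mine. It reads the IV back out of the frame exactly as a passive observer could, and shows that the IV alone does not decrypt anything, that identical plaintext blocks do not produce identical ciphertext blocks (the ECB signature), and that the property which actually matters is IV uniqueness: reusing an IV under the same key makes the output deterministic.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed demo key (32 bytes => AES-256). In a real deployment the key is
// derived from the shared password on both ends and never appears on the wire.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// sealFrameWithIV produces | iv | ciphertext | with a caller-supplied IV.
// It exists only so the IV-reuse failure mode can be demonstrated below.
func sealFrameWithIV(key, iv, plaintext []byte) ([]byte, error) {
	if len(iv) != aes.BlockSize {
		return nil, errors.New("iv must be exactly one AES block")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	frame := make([]byte, aes.BlockSize+len(plaintext))
	copy(frame, iv) // IV goes first, in the clear, same as the Write method above
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(frame[aes.BlockSize:], plaintext)
	return frame, nil
}

// sealFrame is the normal path: a fresh random IV per stream, then the framing.
func sealFrame(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	return sealFrameWithIV(key, iv, plaintext)
}

// openFrame is what the receiver (or anyone watching the wire) can do: take the
// first 16 bytes as the IV and try to decrypt the remainder with a key.
func openFrame(key, frame []byte) ([]byte, error) {
	if len(frame) < aes.BlockSize {
		return nil, errors.New("frame shorter than IV")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, ct := frame[:aes.BlockSize], frame[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCFBDecrypter(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// hasRepeatedBlocks reports whether any two 16-byte ciphertext blocks are equal.
// Under ECB, equal plaintext blocks always give equal ciphertext blocks; under
// CFB with a fresh IV they do not, which is the observable difference.
func hasRepeatedBlocks(ct []byte) bool {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		b := string(ct[i : i+aes.BlockSize])
		if seen[b] {
			return true
		}
		seen[b] = true
	}
	return false
}

func main() {
	// Constructed plaintext: the same 16-byte block four times, the case ECB leaks.
	pt := bytes.Repeat([]byte("attack at dawn!!"), 4)
	f1, _ := sealFrame(demoKey, pt)
	f2, _ := sealFrame(demoKey, pt)
	fmt.Println("ciphertext blocks repeat (ECB signature)?", hasRepeatedBlocks(f1[aes.BlockSize:]))
	fmt.Println("same plaintext, fresh IVs, frames equal?", bytes.Equal(f1, f2))

	wrongKey := bytes.Repeat([]byte("x"), 32)
	got, _ := openFrame(wrongKey, f1)
	fmt.Println("IV known but wrong key decrypts?", bytes.Equal(got, pt))
	good, _ := openFrame(demoKey, f1)
	fmt.Println("IV known and right key decrypts?", bytes.Equal(good, pt))

	// The real check a reviewer should make: a reused IV makes output deterministic.
	fixedIV := bytes.Repeat([]byte("\x00"), aes.BlockSize)
	r1, _ := sealFrameWithIV(demoKey, fixedIV, pt)
	r2, _ := sealFrameWithIV(demoKey, fixedIV, pt)
	fmt.Println("same plaintext, reused IV, frames equal?", bytes.Equal(r1, r2))
}
```

Running it prints `false`, `false`, `false`, `true`, `true` in that order: the IV being readable from the stream does not help a reader who lacks the key, and the per-stream random IV is what keeps identical payloads from producing identical ciphertext. What the framing does not provide is integrity; CFB is confidentiality only, so a receiver cannot tell a modified frame from an intact one without an authenticator layered on top.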