The reason why this behaves as you described in the question is because your plain text (4 bytes / 32 bits) is four times as small as the size the cryptographic engine works on for your chosen AES mode (128 bits) and also reusing the same instance of the crypto object. Start with a new crypto object for new operations # Reset counter and instantiate a new crypto object for decryptionĭecrypto = AES.new(key, AES.MODE_CTR, counter=countf) # Instantiate a crypto object first for encryptionĮncrypto = AES.new(key, AES.MODE_CTR, counter=countf) Key = Random.get_random_bytes(32) # 256 bits key
#Encrypto .crypto 64 Bit
# 64 bit nonce + 64 bit counter = 128 bit output P圜rypto has a Counter class that can do this for you. You also need to use a proper counter function that combines a nonce with a counter value that increases each time a new block of keystream is generated.
Your issue will be solved by instantiating a new crypto object for the decryption, as well as resetting the counter and keystream position. You have to reset the state of the cipher before performing an operation on a new stream of data (or another operation on it), as the original instance will no longer be in the correct initial state.
This is really bad! You should not use AES-CTR this way - it's equivalent to simple XOR encryption with a 16 byte repeating key, which can be broken pretty easily. The first four bytes (as well as all the others) of each XOR key block are the same, so when you call decrypt this time, it gives you back the plaintext. Instead, you can see the first four bytes of the 16 byte block in the first result, and the second four bytes in the second result.Īfter you've used up the 16 byte block of XOR key by performing four operations on four-byte values (for a 16 byte total), a new block of XOR key is generated. If this were to work the way you wanted, the result of both of those operations should be the same. This can also be observed by encrypting and decrypting null bytes: > crypto.encrypt('\x00' * 4) You also don't reset the cipher's state before performing decryption, so the 4 bytes of ciphertext are decrypted against the next 4 bytes of XOR key from the first output stream block. You can observe this by encrypting 16 null bytes repeatedly: > crypto.encrypt('\x00'*16) The reason why this behaves as you described in the question is because your plain text (4 bytes / 32 bits) is four times as small as the size of the key stream blocks that the CTR cipher outputs for encryption (16 bytes/128 bits).īecause you're using the same fixed value over and over instead of an actual counter, the cipher keeps spitting out the same 16 byte blocks of keystream.
#Encrypto .crypto how to
I'm going to elaborate on explanation of why the cipher behaved the way it did in the original question (my edit was rejected), but also point out that setting up the counter to return a static value is a major flaw and show how to set it up correctly.
0 kommentar(er)
