Is my encryption vulnerable if the attacker knows a text start pattern? [CBC] #688

LeonardoReichert · 2022-12-02T03:00:34Z

LeonardoReichert
Dec 2, 2022

Hello!

Could an attacker get lucky if he knows that my message starts with a 64-length hexadecimal pattern?

in my case I save the original message with its sha256:

encrypt: message sha256 + message, padding

(the iv is not secret)

The entire encryption method will be public, and the IV vector will be public.

My concern is if I share my encrypted bytes and also to the vector

from Crypto.Cipher import AES;
from Crypto.Util.Padding import pad;
from Crypto.Random import get_random_bytes;
from hashlib import sha256;


textPlain = input("Enter text plain: ").encode(); #(secret)
shaMsg = sha256(textPlain).hexdigest();

password = pad(b"APasswordExample", 16, "iso7816"); #(secret)

iv = get_random_bytes(16); #(no secret, public)

secretBytes = shaMsg.encode()+textPlain;
secretBytes = pad(secretBytes, 16, "iso7816");

cip = AES.new(password, AES.MODE_CBC, iv);
encrypted = cip.encrypt(secretBytes);  #(public)

Also ask the question here:
https://stackoverflow.com/questions/74650276/is-cbc-128bit-encryption-vulnerable-if-i-expose-a-start-of-text-pattern
I'm not trying to spam, sorry

Thanks !

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is my encryption vulnerable if the attacker knows a text start pattern? [CBC] #688

{{title}}

Replies: 0 comments

Select a reply

Is my encryption vulnerable if the attacker knows a text start pattern? [CBC] #688

LeonardoReichert Dec 2, 2022

Replies: 0 comments

LeonardoReichert
Dec 2, 2022