search

ricmoo / pyaes

Pure-Python implementation of AES block-cipher and common modes of operation.
MIT License
458 stars 143 forks source link

What should I read to learn more about AES? #25

Open angeloped opened 5 years ago

angeloped commented 5 years ago 
import pyaes, base64
from hashlib import md5

mykey="holeaaaaaaaaaaaaaaaaaaaaaaaaaa"
yourkey="holeeaaaaaaaaaaaaaaaaaaaabcaaaa"

class ENCRYPTION:
    def __init__(self,key):
        self.salt256 = "theseaissaltyb8ecbaacbd68de040cd78eb2ed5889130cceb4c49268ea4d506"
        self.aes = pyaes.AESModeOfOperationCTR(md5((self.salt256+key).encode()).hexdigest().encode("ascii"))
    def encrypt(self,data):
        return base64.b64encode(self.aes.encrypt(data))
    def decrypt(self,data):
        return self.aes.decrypt(base64.b64decode(data.encode()))

# outputs: f9mzpWBW4w==
revc = ENCRYPTION(mykey).encrypt("shining days")

# outputs: u\xd2\x913\x83dk =or= (u?3dk) when you print
revv = ENCRYPTION(yourkey).decrypt(revc)

# outputs: f9mzpWBW4w==
reve = ENCRYPTION(yourkey).encrypt(revv)

# outputs: shining days
revf = ENCRYPTION(mykey).decrypt(reve)
print(revf)

I decrypt the text then I send to the recipient. The recipient will decrypt it with different/wrong key. The decrypted text will be encrypted using his key. His encrypted message will resend to me.

(since I don't have his key to decrypt his message, I will use mine)

I decrypted his encrypted message using MY KEY. And that message was also my message to him.

I think the issue was started in line: 25 

reve = ENCRYPTION(yourkey).encrypt(revv)
cittyinthecloud commented 5 years ago

This is perfectly normal, if you decrypt the message the message you get garbage, which when re-encrypted gets you the original encrypted message. That's called symmetric encryption.

dancvrcek commented 5 years ago

CTR more is a simple exor of data blocks and “encrypted key” so you can easily change order of encrypt and decrypt operations above and you always get the plaintext at the end. ;)

ricmoo commented 5 years ago

Please keep in mind that AES and the common modes of operation are cryptographic primitives. They are very low level. You should not use them directly if you do not understand what they are designed for and have not researched how to correctly use them. There are many cases of improperly using them that have resulted in leaking information via side-channel attacks. At a minimum, please read the Wikipedia entries on block ciphers and the common modes of operation.

Legorooj commented 5 years ago

https://www.youtube.com/watch?v=NHuibtoL_qk is a great video explaining the maths behind AES.