First draft after proof-reading #412
src/stream-ciphers.rst
The original "let's say" appears correct?
src/stream-ciphers.rst
Hm, this is a little funky. Let's replace
Also, do not roll your own cryptosystems. In a secure system, records of Alice and Mallory probably are not encrypted using the same key.
As we'll see later on in the book, just having unpredictable IVs doesn't make a system safe! This is a general argument against rolling your own cryptosystems: a high-quality implementation might have encrypted those records under different keys. Or it could use other controls, like relying on the associated data of an AEAD (which we'll see later) to make sure processes wouldn't perform cryptographic operations on behalf of Mallory that would also have worked for Alice.
Thanks! This is great. I will make the changes
I have a question on original wording.
In "In a secure system, records of Alice and Mallory probably are not encrypted using the same key.", is there any "secure" system that encrypts different entities with the same key?
src/stream-ciphers.rst
"as" feels weird here: "because" maybe?
Many CBC systems set the key as the :term:`initialization vector`. This seems like
a good idea as you always need a shared secret key. It
yields a nice performance benefit because the sender and receiver
do not have to communicate to the IV explicitly. They already know the key
"to communicate to the IV" makes no sense; the IV is the object of the communication.
How about changing from
It yields a nice performance benefit because the sender and receiver do not have to communicate to the IV explicitly.
to
It yields a nice performance benefit because the sender and receiver do not have to exchange the IV explicitly.
src/stream-ciphers.rst
Again original reads better to me, how about you?
As a native Korean speaker, it is really difficult dealing with articles (in the grammatical sense). Korean doesn't have articles.
Long story short, reverted :)
src/stream-ciphers.rst
"... could just predict the key directly."
Lesson learned: do not use the key as an IV. Part of the fallacy in the
introduction is assuming secret data can be in the IV given
it only has to be unpredictable. This is not true: “secret” is
just a different requirement from “not secret”. It does not mean a
"It does not mean a stronger one" makes no sense to me.
This is a second "Lesson learned" for the attack on CBC mode.
I think this whole paragraph can be reworked a bit. Maybe this can be shortened and just reiterate the importance of picking random, unpredictable IVs.
And add in a general good guide on how to generate random, unpredictable IVs? (I don't know if giving a guide is a thing for this book though.)
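An added example, not from the book or this PR, that puts the weak configuration the quoted paragraph warns about next to the corrected one: with the key reused as the IV, CBC's first ciphertext block is deterministic, so Mallory can tell whether two records start with the same plaintext block; a fresh IV from the OS CSPRNG per message, sent in the clear ahead of the ciphertext, removes that leak. The block cipher is a toy Feistel construction assumed here only so the code runs without a third-party library; the keys and records are constructed sample data.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes of the toy cipher below

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key, block):
    # Toy 128-bit block cipher: 4-round Feistel network with HMAC-SHA256 as
    # the round function. A real permutation, so CBC works on it, but it is
    # only here so the example runs without a crypto library; not for real use.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # Textbook CBC: each plaintext block is XORed with the previous ciphertext
    # block (the IV for the first block) and then run through the block cipher.
    assert len(plaintext) % BLOCK == 0, "example assumes already-padded input"
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def encrypt_key_as_iv(key, plaintext):
    # The flawed scheme under discussion: the key doubles as the IV. The IV is
    # secret but identical for every message, so any two messages that start
    # with the same plaintext block get the same first ciphertext block.
    return cbc_encrypt(key, key, plaintext)

def encrypt_random_iv(key, plaintext):
    # The fix: a fresh IV from the OS CSPRNG per message, sent in the clear in
    # front of the ciphertext. The IV need not be secret, only unpredictable.
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, plaintext)

def first_blocks_match(ct_a, ct_b):
    # Mallory's comparison from the chapter: do two ciphertexts share their
    # first block? Under key-as-IV this reveals whether the plaintexts share
    # their first block; under random IVs it tells her nothing.
    return ct_a[:BLOCK] == ct_b[:BLOCK]
```

The receiver of `encrypt_random_iv` output takes the first 16 bytes as the IV and the rest as ciphertext; the IV travelling in the clear is fine because only its unpredictability matters.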
src/stream-ciphers.rst
Again this new paragraph is overall worse than the original IMO
sake, lets say there is only one ciphertext block. This means Alice's
ciphertext consists of an IV and one ciphertext block.

Mallory can still try to use the application as a normal user, meaning
@lvh,
Line 356 ends with "or ..."
Should this be updated?
That's intentional, but you could certainly just replace that with a ..
I'll leave it as the original version.
I still need to read over this one more time