Thursday, February 02, 2017

[plwpicim] Direct versus indirect encryption

Direct: Ciphertext encrypted with a key.  Key derived from a password.

Indirect: Ciphertext encrypted with a key X.  Key X is encrypted with a key Y.  Key Y is derived from a password.

There are probably more official names for these.

Indirect encryption allows changing the password without having to reencrypt everything, so seems attractive for things like disk encryption or filesystem encryption.  However, it seems more vulnerable to attack.  If the attackers can get a hold of encrypted X, then they can do a password guessing attack against it, which if successful could be useful even after the user changes their password (changing Y).  What other attacks?  What defenses are there?

No comments :