[Botan-devel] Small file ciphering speed
meessen at cppm.in2p3.fr
Thu Sep 18 02:27:22 EDT 2008
don't know how this can fit your needs and with Botan but here are my
Though some informations are missing. Is decoding always sequential and
in the same order ?
Could there be missing/deleted/inserted records in the sequence ?
A single global key is enough if the amount of data is limited and
encrypted data is not much exposed. The security can be increased by
using a different key for each record, but you'll pay it with increased
The key to be used for each record would be a concatenation of a
sequence of random bytes common to all records (salt) and the record
identifier. It is assumed that the record identifier is a constant for a
given record. Encrypt this constructed key with a global key and save
the random bytes to generate the record key secured and hidden with the
global key. It is probably more secure to insert the record indentifier
in the middle and not at any ends of the record key.
For the record itself I would recommend ctr, or better cfb, as chaining
algorithm because they doen't require adding padding bytes and are quite
fast. The trick used to generate the secondary key is the same working
principle used in ctr.
With this method you will be able to decode any record with random
access. Records can be added or deleted. The only constrain is this
constant record identifier.
I don't understand the S2K with 100 hash rounds. If this done for each
record, this is indeed not very efficient.
Mr Diggilin a écrit :
> I'm trying to use botan for encryption and decryption of thousands of
> database rows with very little data (~50 bytes) in them. What I'm doing
> currently takes about 1/4th of a second per field, which is *much*
> slower than would make this practical. I have a few thoughts on how to
> optimize, but I thought I'd ask here first to find out:
> a. What's a good way of doing this with Botan?
> b. What kind of speed can I expect?
> c. I'm using an S2K with 100 hash rounds for each operation, which isn't
> much. Would there be any security concerns if I reused the same key
> (with more rounds) over all of the thousands of entries?
> My current de/ciphering routine as follows:
> auto_ptr<Pipe> Crypto::RunCipher(string Passphrase, wxInputStream * In,
> SecureVector<byte>& Salt)
> Cipher_Dir Dir = (Salt == NULL) ? ENCRYPTION : DECRYPTION;
> KeyAndIV = 100 round s2k;
> SymmetricKey Key(KeyAndIV, KeySize); //256 key
> InitializationVector IV(KeyAndIV + KeySize, IVSize); //128 IV
> auto_ptr<Pipe> Out(new Pipe(get_cipher("Twofish/EAX", Key, IV,
> *In >> *Out;
> return Out;
> botan-devel mailing list
> botan-devel at randombit.net
More information about the botan-devel