2

I want to apply an AES 128b encryption (probably CBC + Padding) on a data stream.
In case it matters, I'm sending chunks of around 1500bits each.
I work in Python, and I did a small test with M2Crypto with AES encrypt in one side and decrypt at the other side. It works perfect, but probably don't really secures anything since I use the same key, same IVS and all that.
So, the question is: What the best approach for AES encryption on large data streams?
I thought about loading a new 'keys' file from time to time. Then, the application will use this file to expend and extract AES keys or something like that, but it still sounds awful to build a new AES object for each chunk, so there must be a better way.
I believe I can also use the IVS here, but not quite sure where and how.

The_spider
  • 1,202
  • 1
  • 8
  • 18
RoeeK
  • 1,112
  • 12
  • 23
  • Consider whether the security provided by AES would be worth the added complexity. – Nick ODell Jun 12 '11 at 08:27
  • @RoeeK: what's your setup? Do you control the machines? Have you considered setting up an SSH tunnel that would take care of encryption and authentication? – André Paramés Jun 12 '11 at 09:44
  • @Andre: yes, i control everything. the thing is that i want an option to set the key-len, i want both sides could be linux/windows, and i'm transferring big amounts of data in realtime with small bandwidth, and i don't know if ssh tunnel can be used for this. is it? and with ssh tunnel it won't use the same key twice? – RoeeK Jun 12 '11 at 11:39
  • @RoeeK: well, you can set the key len from a bunch of option, including "aes256-cbc", and it can be used on both Linux and Windows, but I'm not sure how it would handle that kind of traffic. You could try it though, it's very easy to create a pair of keys and set up a tunnel, and there are plenty of tutorials out there. – André Paramés Jun 12 '11 at 11:48
  • @André: i already started to check it. but thats a less preferred way - i'm really trying to build as much as i can by my self. specifically, with Python, working with tunnel does have some advantages, but it still sounds like a 'delayer'.. – RoeeK Jun 12 '11 at 11:54
  • It seems like the RSA will take too much usage for my simple CPU. maybe there's an AES tunnel? i'm checking it now.. – RoeeK Jun 12 '11 at 12:04
  • @RoeeK: See http://docs.python.org/dev/library/ssl.html . You should also look up on how to use PKI to transfer the AES key (generated randomly) securely. If you really want to implement it yourself, I recommend that you read a book about the subject, like Applied Cryptography; encryption is only as secure as its weakest link. – André Paramés Jun 12 '11 at 12:06
  • i think that's basically what i had in mind - use PKI to transfer "set of AES keys" because i don't wont to relay only on one key. so i want every x data chunks to switch "key". so my question is what actually should i change? the Key? the Iv? i want to extract as many "keys" as possible from the given 'set of keys'. – RoeeK Jun 13 '11 at 07:08

0 Answers0