[erlang-questions] Erlang - Java symmetric encryption

Jesper Louis Andersen jesper.louis.andersen@REDACTED
Fri Mar 6 01:53:29 CET 2015


On Thu, Mar 5, 2015 at 7:45 PM, Antonis Kouzoupis <kouzan@REDACTED> wrote:

> What I want is to produce the same key both in mobile (java) and in server
> (erlang), Supposedly that the salt is the same. I use the erlang-pbkdf2 [0]
> module to generate the key in server and bouncy castle in java. Also I use
> AES in CTR mode in both sides to encrypt/decrypt, again the IV is known to
> both sides. So far the decrypted ciphertext on server is not the same as
> the cleartext on mobile. Can you give me any hint on how to correctly
> produce the same key (password based) both in Erlang and in Java?
>

I'm not really sure what your goal is cryptographically in this scheme.
Clearly, one of the steps doesn't agree and this is why it fails, but what
are you trying to achieve in the first place? Having a "naked" symmetric
key with no way to replace it per session will make you quite susceptible
to a global passive adversary since the scheme has no forward secrecy.

Alternatively, look for an SRP implementation since it has provable
zero-information loss once the key is initially set up on the server. But
this depends on what your goals are.


-- 
J.
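
An added example, not part of the original thread or either poster's code: a Python reference for finding which PBKDF2 parameter disagrees between two implementations, the situation the quoted question describes. The candidate PRFs, password encodings and iteration counts are assumptions, all sample values are constructed, and it covers key derivation only, not the AES-CTR step.

```python
import hashlib
import hmac
from itertools import product

# RFC 6070 test vector for PBKDF2-HMAC-SHA1: P="password", S="salt", c=2, dkLen=20
RFC6070_C2 = "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"

# Assumed candidates; extend them with whatever each side might be using.
PRFS = ("sha1", "sha256", "sha512")
ENCODINGS = ("utf-8", "utf-16-be", "latin-1")


def derive_key(password, salt, iterations, dklen, prf="sha1", encoding="utf-8"):
    """Derive dklen bytes. Every argument must be identical on both peers."""
    return hashlib.pbkdf2_hmac(prf, password.encode(encoding), salt, iterations, dklen)


def self_check():
    """Confirm this reference reproduces the published RFC 6070 vector."""
    return derive_key("password", b"salt", 2, 20).hex() == RFC6070_C2


def find_matching_params(peer_key, password, salt, iteration_guesses):
    """Return every parameter set that reproduces a key printed by one peer."""
    matches = []
    for prf, enc, count in product(PRFS, ENCODINGS, iteration_guesses):
        try:
            key = derive_key(password, salt, count, len(peer_key), prf, enc)
        except UnicodeEncodeError:
            continue  # password is not representable in this encoding
        if hmac.compare_digest(key, peer_key):
            matches.append({"prf": prf, "encoding": enc, "iterations": count})
    return matches


if __name__ == "__main__":
    assert self_check()
    # Constructed stand-in for the hex key one side logged during debugging.
    salt = b"constructed-salt"
    peer_key = derive_key("p\u00e4ssword", salt, 1000, 16, "sha256", "utf-16-be")
    print(find_matching_params(peer_key, "p\u00e4ssword", salt, [1000, 4096, 10000]))
```

Run it once against the key each side prints for the same throwaway password and salt; the two parameter sets it reports show which setting differs.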