
I have a backup script that encrypts everything using AES-256.

Every day, I generate a random binary file as the password, and encrypt this random file with my public key.

Until now, I printed the SHA256 hash of the unencrypted file to the log, but today I thought that, maybe, the SHA256 of unencrypted data can be used to help a brute-force attack to decrypt the password file.

This is how I encrypt the random file:

    openssl rsautl -encrypt -pkcs -inkey key.pub -pubin -in random.bin -out random.enc

Do you think this makes sense?

1 Answer


It generally depends on your threat model!

For example, if the two files are identical before encryption, then correct encryption will yield two different files, but two identical hashes before encryption. As a result, an attacker can know that these two encrypted files, while looking different, have the exact same plain text. Is that a problem for your use case? You have to decide.

Further, it depends on the kinds of files you encrypt, and what your attacker knows about them. If these files are in a structure known to the attacker and have very little entropy, then a brute-force attack could be a valid attack vector. This, for example, is a problem if your file looks basically like this:

    Employee #1234 received 2501 USD.

Just by plugging in an employee number and brute-forcing the right side, you'd quickly end up with the "correct" sum.

On the other hand, if your files are quite large and very random (e.g. images, videos, spreadsheets, etc.), then a brute-force search becomes infeasible very quickly.
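The contrast drawn in this answer, as an added example that is not part of the original post: a logged SHA-256 of the structured record is matched by simple enumeration, while a uniformly random file leaves a search space far too large to enumerate. The 32-byte file size, the amount range and the HMAC-keyed log tag (one way to keep an integrity value in the log without exposing a guessable hash) are assumptions for illustration.

```python
import hashlib
import hmac
import os

TEMPLATE = "Employee #{emp} received {amount} USD."  # record layout from the answer


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, log_key: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of log_key can test guesses against it."""
    return hmac.new(log_key, data, hashlib.sha256).hexdigest()


def recover_amount(logged: str, emp: int, max_amount: int = 100_000):
    """Enumerate every amount for a known template and compare plain hashes."""
    for amount in range(max_amount + 1):
        guess = TEMPLATE.format(emp=emp, amount=amount).encode()
        if sha256_hex(guess) == logged:
            return amount
    return None


def search_space_bits(num_bytes: int) -> int:
    """Bits of work needed to enumerate a uniformly random file of this size."""
    return 8 * num_bytes


# Constructed sample: the record from the answer, as if its hash had been logged.
RECORD = b"Employee #1234 received 2501 USD."
LOGGED_PLAIN = sha256_hex(RECORD)

# Assumption: the log key is a secret stored separately from the log itself.
LOG_KEY = os.urandom(32)
LOGGED_KEYED = keyed_tag(RECORD, LOG_KEY)

if __name__ == "__main__":
    print("plain hash, low-entropy record:", recover_amount(LOGGED_PLAIN, 1234))
    print("keyed tag, same record        :", recover_amount(LOGGED_KEYED, 1234))
    print("32-byte random file           : 2^%d candidates" % search_space_bits(32))
```
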