When AES(☢) = ☠ – a crypto-binary trick

That was a great read. I saw the title and figured it would quickly go over my head but it&#x27;s all pretty understandable.<p>Does anyone know where I can download the src to have a look through?<p>Edit: found it <a href="https://code.google.com/p/corkami/source/browse/#svn%2Ftrunk%2Fsrc%2Fangecryption" rel="nofollow">https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;corkami&#x2F;source&#x2F;browse&#x2F;#svn%2Ftrunk...</a>

There&#x27;s also a word play in the title. &quot;AES&quot; transliterates to &quot;АЭС&quot; (acronym for &quot;<i>А</i>томная <i>Э</i>лектро<i>с</i>танция&quot;) in Russian (and some other Slavic languages), which means &quot;nuclear power plant&quot;. Thus, the &quot;☢&quot; sign.

Actual link: <a href="https://speakerdeck.com/ange/when-aes-equals-episode-v" rel="nofollow">https:&#x2F;&#x2F;speakerdeck.com&#x2F;ange&#x2F;when-aes-equals-episode-v</a>

Recording of the talk: <a href="http://podcast.raumzeitlabor.de/#wbHkVZfCNuE" rel="nofollow">http:&#x2F;&#x2F;podcast.raumzeitlabor.de&#x2F;#wbHkVZfCNuE</a>

That&#x27;s amazing. Didn&#x27;t think it&#x27;s even possible, however it turns out to be surprisingly simple. Also, laughed out loud because of that guy&#x27;s twitter nickname on the 3rd slide.

Cool trick, I have encountered something like this in a steganography wargame before, the only difference is they used Base64 encoding on the original picture instead of AES :)

Does any one know the name of the hex editor used in these slides, the one showing the PNG chunks and JPEG information?

A good example of why a MAC after encryption is also needed. And blocking length extension attacks.

I love the &quot;HexII&quot; hex-dump format he links to, it&#x27;s so much less cluttered than the traditional one. I&#x27;m definitely going to have to try that out the next time I&#x27;m picking apart some binary file.

this is awesome. now I hide secret information in a seemingly innocent image. no one would want to use AES to decrypt it if the image looks fine.

Where do you store the IV? Do you just append it at the end of the file?

What&#x27;s the benefit of AES using such small blocks?

impressive! a very cool hack!

Impressive.<p>That&#x27;s also the reason why one should limit the max-length of a password field (something reasonable), if one is using the <i>salted-password in db</i> approach. Otherwise someone could enter a very long password to do the trick (MD5&#x2F;SHA1), see <a href="http://en.wikipedia.org/wiki/MD5#Security" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;MD5#Security</a> .