Five online encryption tools six + outcomes - WTF???

[lukaexpl]

This subject ties into my different ideas of designing a cold storage.

Part of the idea was to store the 24 word seed in randomized order in a bank safe (this should prevent malignant government or bank related parties from stealing my BTC).
In addition to that I would encrypt the order and the instructions to my "heirs" and store it in a dead-man's switch email service.

I do not feel comfortable leaving unencrypted information online in any way shape or form.

So I would like to encrypt the instructions and the order of the seed.

First I looked to PGP but disadvantages are:
1. complicated
2. no user-friendly software
3. error-prone with multiple lines of encryption
4. servers etc.

I thought PGP was an overkill for the problem I have anyway so I thought why not try symmetrical cypher.
To that end I did some searching online and read that AES-256 should be sufficiently strong tool for the job.

To get acquainted with the technology I usually start with an online tool. So I tried encrypting simple messages like "Cheers" with a password "onetwo" under the following pages:

https://aesencryption.net/
https://www.browserling.com/tools/aes-encrypt
https://encode-decode.com/aes256-encrypt-online/

Literally none of the pages came out with the same result.

And the champion is

http://www.bierkandt.org/encryption/symmetric_encryption.php

Which not only does not come up with the same results, but spits out different results every time you click on Encrypt (although the text and the key remain the same).

So could someone with the knowledge of subject please explain what is going on:
1. I am too dumb to use the pages properly
2. I am using wrong settings
3. The pages in question are spitting random junk out
4. something else

Thanks

[1714858170]

1714858170

[1714858170]

1714858170

[1714858170]

1714858170

[1714858170]

1714858170

[DannyHamilton]

AES is a block cipher.  It operates by breaking the original data into blocks of 128 bits, and then cycling through those blocks.

I suspect that each of those options you used are using different modes of operation, or using different methods of padding out the original data to be an exact multiple of 128 bits.

[aleksej996]

You can use openssl on Linux.

Running "openssl enc -aes-256-cbc -in unencryptedfile.txt -out encrytpedfile.txt" will prompt you with a password to encrypt the unencryptedfile.txt with AES256 and put that encrypted file int the encrytpedfile.txt

To decrypt you run "openssl enc -d -aes-256-cbc -in encryptedfile.txt -out unencryptedfile.txt".
Note: omitting -in or -out arguments will assume stdin and stdout respectively.

[DannyHamilton]

Running "openssl enc -aes-256-cbc -in unencryptedfile.txt -out encrytpedfile.txt" will prompt you with . . .

Exactly.  See that "cbc" in the "-aes-256-cbc", that indicates "Cipher Block Chaining" as the mode of operation.

Some other options in openssl are:
-aes-256-cfb8
-aes-256-cfb
-aes-256-ecb
-aes-256-cfb1
-aes-256-ofb

[lukaexpl]

Thanks for the help.

I did some reading and understood how wrong I was about the deterministic nature of those cyphers.
Still the problem is relatively simple, but a simple solution nowhere in sight.

Encrypt the message (with symmetrical encryption), store it online to be emailed in case of my vanishing, give the password to your "heirs" and tell them simple instructions and point them to thousand tools that all do the same job of decrypting.

How can a technically non-savvy person expect to wade through multiple pages with gazillion settings before stumbling upon one that should decipher the message?

[lukaexpl]

Thanks for the help.

I did some reading and understood how wrong I was about the deterministic nature of those cyphers.
Still the problem is relatively simple, but a simple solution nowhere in sight.

Encrypt the message (with symmetrical encryption), store it online to be emailed in case of my vanishing, give the password to your "heirs" and tell them simple instructions and point them to thousand tools that all do the same job of decrypting.

How can a technically non-savvy person expect to wade through multiple pages with gazillion settings before stumbling upon one that should decipher the message?

And how can I be sure that whatever I encrypt with whatever alghoritam will be decryptable when I COULD NOT FIND ANY COMBINATION OF 2 DIFFERENT PAGES THAT CAN ENCRYPT/DECRYPT EACH OTHER'S RESULTS?

That means that I am relying solely on the existance of one particular page to decrypt the message. Should it vanish, so does the possibility of ever decrypting the message.
I find it very unsettling that such tools are not available.

[aleksej996]

Exactly.  See that "cbc" in the "-aes-256-cbc", that indicates "Cipher Block Chaining" as the mode of operation.

Some other options in openssl are:
-aes-256-cfb8
-aes-256-cfb
-aes-256-ecb
-aes-256-cfb1
-aes-256-ofb

Yeah. ECB is apparently no good, since it encrypts every block with the same key and the ciphertexts end up the same. I don't remember about the rest of them, but CBC is the one I decided to use for some reason.

Thanks for the help.

I did some reading and understood how wrong I was about the deterministic nature of those cyphers.
Still the problem is relatively simple, but a simple solution nowhere in sight.

Encrypt the message (with symmetrical encryption), store it online to be emailed in case of my vanishing, give the password to your "heirs" and tell them simple instructions and point them to thousand tools that all do the same job of decrypting.

How can a technically non-savvy person expect to wade through multiple pages with gazillion settings before stumbling upon one that should decipher the message?

And how can I be sure that whatever I encrypt with whatever alghoritam will be decryptable when I COULD NOT FIND ANY COMBINATION OF 2 DIFFERENT PAGES THAT CAN ENCRYPT/DECRYPT EACH OTHER'S RESULTS?

That means that I am relying solely on the existance of one particular page to decrypt the message. Should it vanish, so does the possibility of ever decrypting the message.
I find it very unsettling that such tools are not available.

You really should rely on any online website. It isn't secure anyway to use a website to decrypt and encrypt your secrets.
Better use an open source software like PGP or openssl. I know it seems a bit difficult, but it really isn't anything special. You can use them with like only one command, so I really don't think it is hard to learn that. Just leave the unencrypted instructions next to your encrypted document and give keys to the heirs.

[lukaexpl]

You really should rely on any online website. It isn't secure anyway to use a website to decrypt and encrypt your secrets.
Better use an open source software like PGP or openssl. I know it seems a bit difficult, but it really isn't anything special. You can use them with like only one command, so I really don't think it is hard to learn that. Just leave the unencrypted instructions next to your encrypted document and give keys to the heirs.

Thanks. I will give it a try. I understand the "online part" as not being safe. It was just to try the concept out.

At least with PGP I was able to find two sites that encrypt and decrypt the message identically.

For example
https://smartninja-pgp.appspot.com/
https://sela.io/pgp/

That gives me at least confidence that the protocol is well established and should not depend on existence of one obscure web page.

[achow101]

Literally none of the pages came out with the same result.
...
Which not only does not come up with the same results, but spits out different results every time you click on Encrypt (although the text and the key remain the same).

If we assume that all of those websites are using the same settings for AES, the reason that the ciphertext will be different is because of the way that the encryption key is derived. For encryption, they don't actually use the string that you give them as the actual key itself. Encryption software will actually take that passphrase and run it through a key derivation function (kdf). Often times they will also combine it with a randomly generated salt. The output produced may also include that randomly generated salt with the actual ciphertext tacked onto it (or vice versa). AES is just an encryption standard, it does not specify what kdf to use, whether to salt it, etc. So all of the sites and software you have been using are likely using different kdfs with randomly generated salts and storing that data differently in the output which means that the output will be different for every single software.

If you want to have something that can be used across multiple software, use PGP. Note that with PGP you still may not get the same encrypted result when you encrypt the same thing multiple times because PGP also introduces randomness when encrypting (IIRC the actual encryption key is random; PGP encrypts a random encryption key which is then actually used to encrypt your data). PGP includes a whole protocol around what kdfs are used, what hashes are used, what encryption algorithms are used, etc. and that is all standardized. This means that you can encrypt with one software and be able to decrypt with another software.

[gotya1]

I know that you seem to want to store paper backups, but if it's an option you could use a Veracrypt secured thumb drive or DVD in physical locations; and then PGP (which you mentioned) would be your best bet for online backups.