I want to encrypt information like a password. AES requires a passphrase that will be used to encrypt and decrypt. If the passphrase is exactly the same as the message being encrypted, does this affect the strength of the encryption?
If the passphrase is exactly the same as the message being encrypted, does this affect the strength of the encryption?
Absolutely. It creates a 1:1 mapping of plaintext to cipher text, which is horrible, even if it weren't "encrypt with self." But compared to the ideal of storing a password, it's literally infinitely worse.
First, you need to remember that the AES keys must be precisely 16 bytes long. Nothing more, nothing less. So for your plan to make sense, we can only apply it to "passphrases" (I use those words in the weakest possible meaning) that are precisely 16 bytes long. That's not a particularly useful construction. But let's consider even that limited case.
You're going to store something E(x,x)) such that D(E(x,x)) == x. That's a tiny space, compared to all possible x (where x is exactly 16 bytes long), but why do I say "infinitely worse?" Because we're comparing it to storing zero bytes, which is the alternative. Since "x" here must be provided by the caller, there is absolutely no reason to store E(x,x). "E" is doing no work here. I could re-write the function D as:
D: (d, p) -> p
(where "d" is the cipher text and "p" is the password)
I literally can ignore the cipher text. It can be zero bytes long. It can be anything. I really don't care. And that would be better than any other conceivable encryption scheme, which would necessarily leak some information about p.
Nothing here gets better when we consider the case of "not 16 bytes long." In that case I need some kind of KDF (key derivation function). But the only reason I even needed that was because you injected "AES" which is doing no work here. A little fiddling on paper should hopefully convince you that D(E(KDF(x), x)) == x is no better than we started with.
This is an encryption system that does nothing. It only says "if I know X, the function will return me X." If I knew X already, why even call the function?
Anything that this would be useful for, any SHA-2 hash would be much better at solving.