EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Implement some AEAD mode (EAX for instance) in encryption

#31912
Posted: 01/14/2015 05:37:48
by VoxPopuli Robot  (EldoS Corp.)

When dealing with low-level crypto, picking an appropriate encryption mode of operation for the task becomes important. SBB currently implements several modes: ECB (which is a real risk), CBC, CTR, CFB8, GCM and CCM.

Unfortunately, none of these modes is an authenticated encryption with associated data (AEAD) mode of operation, which leaves the application responsible for authenticating data by a separate channel (typically, by supplying an IV manually and then storing the result of an HMAC directly in the message), which results in more code, less compatibility and more complexity (and could lead to bigger messages as well).

Implementing at least one of the modern block cipher modes would remove the necessity to implement that code.

My preferred mode for this would be EAX, since it has many desirable properties and isn't linked to any patent, but other modes could be considered as well in order to improve compatibility (see http://csrc.nist.gov/groups/ST/toolki...nt.html#01 for a list and details of currently considered AEAD modes).

If you like the idea, vote for it on https://www.eldos.com/sbb/wishlist.php
#31913
Posted: 01/14/2015 09:04:40
by Ken Ivanov (EldoS Corp.)

Authenticated encryption with associated data is supported by lower-level TElSymmetricCrypto-based classes. The EncryptAEAD() and DecryptAEAD() methods will take associated data from the user and use it for encryption or decryption respectively.

Note that these methods will only work with GCM and CCM modes of operation.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
