EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Implement some AEAD mode (EAX for instance) in encryption

Posted: 01/14/2015 05:37:48
by VoxPopuli Robot  (Team)

When dealing with low-level crypto, picking an appropriate encryption mode of operation for the task becomes important. SBB currently implement several mode: ECB (which is a real risk), CBC, CTR, CFB8, GCM and CCM.

Unfortunately, none of these mode is an authenticated encryption with associated data (AEAD) mode of operation which leaves application responsible for authenticating data by a separate channel (typically, by supplying an IV manually and then storing the result of a HMAC directly in the message) which results in more code, less compatibility and more complexity (and could lead to bigger messages as well).

Implementing at least one of the modern block cipher mode would remove the necessity to implement that code.

My preferred mode for this would be EAX since it has many desirable properties and isn't linked to any patent but other modes could be considered as well in order to improve compatibility (see http://csrc.nist.gov/groups/ST/toolki...nt.html#01 for a list and detail of currently considered AEAD modes).

If you like the idea, vote for it on https://www.eldos.com/sbb/wishlist.php
Posted: 01/14/2015 09:04:40
by Ken Ivanov (Team)

Authenticated encryption with associated data is supported by lower-level TElSymmetricCrypto-based classes. The EncryptAEAD() and DecryptAEAD() methods will take associated data from user and use it for encryption or decryption respectively.

Note that these methods will only work with GCM and CCM modes of operation.



Topic viewed 445 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!