Hey Tony...
Thanks for joining the fray. I'm going to express an unpopular opinion here... Sometimes the Wikipedia is _not_ the reference of choice. It's a great place to start (as with any Encyclopedia) but its focus is, as far as I can tell, to be broad rather than deep.
So I'm not trying to criticize here... not you... not the Wikipedia...
I just wanted to offer a few additional resources for modes of operation that I consider a little more authoritative.
http://csrc.nist.gov/CryptoToolkit/modes/
and
http://csrc.nist.gov/CryptoToolkit/modes/workshop1/index.html
The first is an overview of the modes of operation section of NIST's "Crypto Toolbox". The second links to the proceedings of a conference on the subject.
On 10 Jan 2006, at 05:38, Tony Garnock-Jones wrote:
Hi Chris,
ECB, CTR ("Counter"), EAX and GGM are all modes of operation for block ciphers. This wikipedia page http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation provides a good overview of the different modes, and why ECB is a bad choice, and why an AEAD mode (near the bottom of the page) is better than a non-authenticating mode.
(I was particularly struck by the spectacular failure of ECB mode to encrypt the sample image!)
With specific reference to a Mako signed-sealed envelope, probably the best thing to do is to perform the public-key signing operation on the original data, and then encrypt-and-MAC the signed data as a separate step. The thing to do is to change the way envelopes are sealed (the signing process can be left alone) to be an encrypt-and-MAC operation rather than a simple encrypt-only operation with no integrity protection. For instance, Rijndael in EAX or GGM mode would do nicely for the enciphering step.
Another thing to watch out for is the key-exchange protocol, which can be really sensitive.
Cheers, Tony
Chris Muller wrote:
Hi Tony, it may very well be the other way around. I am honestly no encryption expert, just a skilled implementor. I will try to find the web reference that recommended that.
As for ECB, I'm sorry I have no idea what that means. This is exactly the kind of critique I need your guys' help with. I am hoping that the usage and management are mostly ok, but there may be some tightening needed in the cryptography layer.
This is a very worthy discussion for the cryptography list, I hope you don't mind that I have copied that list here.
Cheers, Chris
--- Tony Garnock-Jones tonyg@lshift.net wrote:
Hi Chris,
In the comment to method MakoEnvelope class>>signedAndSealedFrom:to:object:, you write "Security experts recommend putting the signed inside the sealed".
Isn't it the other way around? According to http://www-cse.ucsd.edu/users/mihir/papers/oem.html the least insecure method is to encrypt, then MAC.
Also: On digging into the implementation of enciphering, it looks like the default cipher, Rijndael, is being used in ECB mode. Have I analysed that correctly? (If so, there are other modes that might be better: AEAD modes such as EAX or GGM; at a minimum, CTR, but an AEAD mode would be better, of course)
Regards, Tony
--
[][][] Tony Garnock-Jones | Mob: +44 (0)7905 974 211
[][] LShift Ltd | Tel: +44 (0)20 7729 7060
[] [] http://www.lshift.net/ | Email: tonyg@lshift.net
_______________________________________________
Cryptography mailing list
Cryptography@lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
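Added example, not part of the thread and not Mako's code: a Python illustration of the two points raised above, that ECB leaks repeated plaintext blocks while CTR does not, and that sealing with encrypt-then-MAC rejects a tampered envelope. Assumptions: the block cipher is a stand-in Feistel construction over HMAC-SHA256 (not Rijndael), the composition is CTR plus HMAC rather than EAX, and all function names and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, same as Rijndael with 128-bit blocks

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (4-round Feistel over HMAC-SHA256), NOT Rijndael."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is enciphered independently (no padding; length % 16 == 0)."""
    return b"".join(toy_block_encrypt(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: XOR data with E(key, nonce || counter); the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

def seal(enc_key: bytes, mac_key: bytes, signed_data: bytes) -> bytes:
    """Encrypt-then-MAC: CTR ciphertext, then HMAC over nonce || ciphertext."""
    nonce = os.urandom(8)
    body = nonce + ctr_xor(enc_key, nonce, signed_data)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject the envelope on mismatch."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return ctr_xor(enc_key, body[:8], body[8:])

# Constructed sample: three identical blocks followed by a different one.
SAMPLE = b"A" * 48 + b"B" * 16
```

With SAMPLE, ECB output contains duplicate ciphertext blocks while CTR output does not, and flipping any bit of a sealed envelope makes unseal raise instead of returning altered data.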