    Sam Johnson
    @sam0x17
    doesn't need to be AEAD
    all the other rust libraries I have tried also don't allow this for whatever reason
    I just would rather not have to take up 128 MB of RAM to encrypt a 128 MB block when I could just incrementally encrypt it with a 4096 byte buffer, making this performant on small devices etc.
    Tony Arcieri
    @tarcieri
    Miscreant requires AEAD at a minimum, the reason is security (specifically misuse resistance). If you really want to do what you're describing (which this library constitutes as "misuse compatible" 😜) you'd need to use unauthenticated AES-CBC or AES-CTR
    Sam Johnson
    @sam0x17
    gotcha that's what I thought thanks
    Tony Arcieri
    @tarcieri
    STREAM can process messages in fixed-sized segments
    Sam Johnson
    @sam0x17
    I guess I could potentially store the message boundaries
    and use your system
    Tony Arcieri
    @tarcieri
    if you know the length in advance, you can use fixed-sized segments
    which are the same size as the message buffer
    Sam Johnson
    @sam0x17
    gotcha
    ok thanks a lot
    Tony Arcieri
    @tarcieri
    and if you know the exact size, you know the last message's length
    which may or may not be the same as the segment size
    Challa Rao Ande
    @challarao_twitter
    hello all
    @tarcieri How interoperable is miscreant with other languages? I'm looking to explore miscreant and wondering if choosing this in Go can cause interoperability issues in Java. Are there any libraries that you know of? Or do you have any pointers towards achieving that?
    thanks
    Challa Rao Ande
    @challarao_twitter
    Also is there any limit on the message size in miscreant?
    Challa Rao Ande
    @challarao_twitter
    (I'm looking to use stream encryption)
    Tony Arcieri
    @tarcieri
    @challarao_twitter AES-SIV is available in some Java libraries, like Google Tink
    AES-PMAC-SIV is only available in Miscreant
    I'd love to eventually have a Java implementation of Miscreant
    re: message size, I think I may have failed to set a maximum according to RFC 5297
    it appears to be 2^132
    5.4 * 10^21 exabytes 🤔
    it also includes a bunch of language about how they only included it because RFC 5116 mandates it as part of the properties of an AEAD, heh
    Challa Rao Ande
    @challarao_twitter
    Thanks @tarcieri. Thanks for referring me to Tink. I was very elated that I was finally able to find a library that is interoperable with multiple languages (only to be disappointed later that it doesn't support streaming AEAD in Go yet)
    Challa Rao Ande
    @challarao_twitter
    @tarcieri Do you have an example of file encryption using miscreant's stream encryption?
    Challa Rao Ande
    @challarao_twitter
    I'm interested in knowing how the decrypting party can know the buffer size to be used for open operations without storing each part's ciphertext size.
    Tony Arcieri
    @tarcieri
    @challarao_twitter there's STREAM support in Go: https://godoc.org/github.com/miscreant/miscreant.go
    both sides can agree on a fixed size in advance, or you can frame each message
    if either side gets it wrong, the MAC verify will fail
    Challa Rao Ande
    @challarao_twitter
    @tarcieri I already tried the stream encryptor in miscreant. Wondering what I need to do to replicate this in Java. I can find an AES-SIV library in Java; is the nonce incrementing mechanism in miscreant a standard one? How do I replicate this in Java using non-stream-oriented methods (by chunking and incrementing nonces myself)? Is it basically select a nonce and keep incrementing it for each chunk?
    Challa Rao Ande
    @challarao_twitter
    I saw your nonce code and it's clear for me now, thanks
    We need to allocate counter bytes, and 1 byte for indicating last byte. I think I can use this for other algorithms such as XChaCha20-Poly1305, I believe using the Go standard library.
    Challa Rao Ande
    @challarao_twitter
    What is the significance of indicator for last block?
    Tony Arcieri
    @tarcieri
    STREAM works with any AEAD mode, so yes, you can use another AEAD if you like
    (note that this is NOT true of its sister construction CHAIN, which Miscreant does not implement)
    the last block flag prevents truncation attacks
    otherwise an attacker could undetectably truncate a STREAM
    Challa Rao Ande
    @challarao_twitter
    Thanks @tarcieri
    Challa Rao Ande
    @challarao_twitter
    @tarcieri In GitHub you added
    (image attachment: image.png)
    would like to know how it compares with XChaCha20-Poly1305
    with respect to misuse-resistance
    I've heard xchacha* is pretty good
    Tony Arcieri
    @tarcieri
    AES-SIV and AES-GCM-SIV are nonce reuse misuse resistant
    if you reuse a nonce, all that's leaked is message equality
    (X)ChaCha20-Poly1305 leaks the XOR of the two plaintexts, as well as the Poly1305 key