    both sides can agree on a fixed size in advance, or you can frame each message
    if either side gets it wrong, the MAC verify will fail
    Challa Rao Ande
    @challarao_twitter
    @tarcieri I already tried the stream encryptor in miscreant. Wondering what I need to do to replicate this in Java. I can find an AES-SIV library in Java. Is the nonce-incrementing mechanism a standard one in miscreant? How do I replicate this in Java using non-stream-oriented methods (by chunking and incrementing nonces myself)? Is it basically: select a nonce and keep incrementing it for each chunk?
    Challa Rao Ande
    @challarao_twitter
    I saw your nonce code and it's clear for me now, thanks
    We need to allocate counter bytes, and 1 byte for indicating the last byte. I think I can use this for other algorithms such as xchachapoly1305, I believe, using the Go standard library.
    Challa Rao Ande
    @challarao_twitter
    What is the significance of indicator for last block?
    Tony Arcieri
    @tarcieri
    STREAM works with any AEAD mode, so yes, you can use another AEAD if you like
    (note that this is NOT true of its sister construction CHAIN, which Miscreant does not implement)
    the last block flag prevents truncation attacks
    otherwise an attacker could undetectably truncate a STREAM
    Challa Rao Ande
    @challarao_twitter
    Thanks @tarcieri
    Challa Rao Ande
    @challarao_twitter
    @tarcieri In github you added
    image.png
    would like to know how it compares with xchacha20poly1305
    with respect to misuse-resistance
    I've heard xchacha* is pretty good
    Tony Arcieri
    @tarcieri
    AES-SIV and AES-GCM-SIV are nonce reuse misuse resistant
    if you reuse a nonce, all that's leaked is message equality
    (X)ChaCha20Poly1305 leaks the XOR of the two plaintexts, as well as the Poly1305 key
    RobLinux
    @RobLinux
    Hello, I'm reverse engineering some Apple code that uses AES-SIV. However, I'm new to this algorithm and I'm not sure I am understanding it right. So far the code (from IDA, I annotated it myself) looks like this: https://user-images.githubusercontent.com/32842060/70189258-22818900-16f3-11ea-8a8e-386e023ba12d.png
    Tony Arcieri
    @tarcieri
    haha oh god
    RobLinux
    @RobLinux
    :)
    And some people managed to use the data and they gave this information: https://user-images.githubusercontent.com/32842060/70135723-e7e40600-168a-11ea-8093-b3ef26f74bbc.png
    I'm trying to use miscreant and wondering if I'm right. The AD is the associated data and is used for authenticating the message, right?
    Tony Arcieri
    @tarcieri
    yes, although depending on circumstances you may need to use one or another interface… it looks like it’s the raw SIV interface?
    in which case it’s a “header"
    RobLinux
    @RobLinux
    yeah, and it looks like the header is made of one byte and another series of bytes (from the code). In order to use that I'll need to do an aead.open(cipherText, [[header1, header2], nonce])
    (in Python)
    It's the Apple implementation of SIV that can be found here: https://github.com/darlinghq/darling-corecrypto/blob/master/include/corecrypto/ccmode_siv.h
    btw this is not hidden work, the full research can be found here: horrorho/InflatableDonkey#87
    Tony Arcieri
    @tarcieri
    err, it’s probably more like [header1, header2, nonce]
    RobLinux
    @RobLinux
    oh yeah sorry.
    usually, what kind of data can the header be made of?
    Tony Arcieri
    @tarcieri
    it’s an arbitrary sequence of bytestrings
    RobLinux
    @RobLinux
    yeah, that's what I supposed. I don't have the function call so I'm doomed I guess.
    can I however bypass the authentication and force the decryption if I have the key?
    or is the authentication part of the decryption process?
    looking at the code, it seems like not
    RobLinux
    @RobLinux
    Anyway, many thanks for providing miscreant, as I can easily test my results <3
    Tony Arcieri
    @tarcieri
    :thumbsup:
    RobLinux
    @RobLinux
    I mean it's not a big and glorious use of the lib, but at least maybe it will help open up Apple restrictions on user data and allow better control over what you share with them. :)
    Arsalan Naeem
    @naeemarsalan
    Hey
    I had a question. I have an encrypted cookie which is a miscreant cipher, and I also have the key. How do I go about decrypting this cipher?
    Tony Arcieri
    @tarcieri
    which implementation are you using?
    Arsalan Naeem
    @naeemarsalan
    @tarcieri Hey, thanks for taking the time to respond. Sorry for the delayed response.
    So the cipher is created using Go code and set as the cookie
    AES-CMAC-SIV NonceSize: 16
    I have the secret that creates the cipher. I just want to reverse it and decode it. What would be the process? I have tried using the Python lib but am having no luck.