[cryptography] [ramble] [tldr] Layered security where encryption is used?
codesinchaos at gmail.com
Sun Jul 21 16:55:33 EDT 2013
1) If you want to prevent tampering, use a MAC, not a cipher. My
recommendation is HMAC-SHA-2. Be sure to use a constant-time equality check
while verifying the MAC.
2) If you want to encrypt something symmetrically, use authenticated
encryption. Either with a specialized mode, like AES-GCM, or with an
encrypt-then-mac scheme. Use a proper IV and don't forget to include it in
3) Use separate keys for different uses. This avoids interactions between
different parts of the software.
If you want only a single key in the config, then don't use it
directly. Instead derive a distinct key for each usage with a key
My recommendation for a KDF is HKDF with HMAC-SHA-2 as building block.
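
Points 1 and 3 above as a runnable sketch, added here and not part of the original message: HKDF (RFC 5869) built on HMAC-SHA-256 derives one sub-key per use from a single configured key, and the MAC is checked with a constant-time comparison. The function names, the purpose labels and the all-zero sample key are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate the input key material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(master: bytes, purpose: str, length: int = 32) -> bytes:
    """One sub-key per usage; the purpose label (hypothetical) separates them."""
    prk = hkdf_extract(b"", master)
    return hkdf_expand(prk, purpose.encode(), length)


def tag(mac_key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256 tag over the message."""
    return hmac.new(mac_key, message, HASH).digest()


def verify(mac_key: bytes, message: bytes, received: bytes) -> bool:
    # compare_digest does not exit early at the first differing byte
    return hmac.compare_digest(tag(mac_key, message), received)


if __name__ == "__main__":
    master = bytes(32)  # constructed sample key; load a random one in practice
    mac_key = derive_key(master, "config-mac")
    enc_key = derive_key(master, "config-enc")
    t = tag(mac_key, b"role=user")
    print("valid tag accepted:", verify(mac_key, b"role=user", t))
    print("tampered message accepted:", verify(mac_key, b"role=admin", t))
```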