[cryptography] [ramble] [tldr] Layered security where encryption is used?

CodesInChaos codesinchaos at gmail.com
Sun Jul 21 16:55:33 EDT 2013

1) If you want to prevent tampering, use a MAC, not a cipher. My
recommendation is HMAC-SHA-2. Be sure to use a constant time equality check
while verifying the MAC.
2) If you want to encrypt something symmetrically, use authenticated
encryption, either with a specialized mode like AES-GCM or with an
encrypt-then-MAC scheme. Use a proper IV and don't forget to include it in
the MAC.
3) Use separate keys for different uses. This avoids interactions between
different parts of the software.
    If you want only a single key in the config, then don't use it
directly. Instead derive a distinct key for each usage with a key
derivation function.
    My recommendation for a KDF is HKDF with HMAC-SHA-2 as a building block.
