First a small disclaimer: SCRAM is secure, but it's not finalized and we might make tweaks. We're going to be playing around with SCRAM on some experimental datasets and seeing what effect some tweaks have on performance.
-
-
Show this thread
-
TLDR: SCRAM 1/ adds protection against applications that either forget to authenticate plaintext, or intentionally look at plaintext before it's been authenticated, and 2/ integrates message padding directly into the AEAD layer.
Show this thread -
Probably obvious by now that SCRAM is an AEAD algorithm, like AES-GCM, or ChaCha20-Poly1305, which means that it both encrypts data, and authenticates it (along with any additional data you want to authenticate, but not encrypt). Don't AEAD algs already defend against corruption?
Show this thread -
Most cryptographic libraries implement 'in place' encryption; which means that the decrypted plaintext is available in application memory before it's authenticated (this happens only at the end).
Show this thread -
Sometimes application developers just forget to check the return code of the authentication check. This is a serious security issue, but it's very hard to test for; normal data will decrypt just fine, you need a test case with a corrupt encrypted input.
Show this thread -
Sometimes application developers intentionally look at plaintext before it's been authenticated, as in "EFAIL". They think that getting a "head start" on the data is worth it and that canceling or undoing the work if the auth fails is sufficient. Bad bad!
Show this thread -
SCRAM prevents looking at plaintext prior to authentication cryptographically, not just with pinky promises. The MAC *has* to be computed to release the encryption key. If the application doesn't do this correctly, it won't decrypt, the application will just always get garbage.
Show this thread -
Of course, applications should still check the authentication check return code, but if they don't, the failure mode is far safer with SCRAM. It also removes any incentive to 'cheat' and look at data before it's ready.pic.twitter.com/sE0KRQykom
Show this thread -
I broke the threading! rest of this thread over here ....https://twitter.com/colmmacc/status/1204446466271408128 …
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.