@matthew_d_green 7 years later, is GCM still a top choice for on-line AEAD modes? I've always liked AES-CTR because it's on-line and easy to implement, looks like GCM has all of CTR's advantages (assuming I don't implement it myself and use a library).
Am I stuck in the past? ty
Replying to @ucsenoi @matthew_d_green
CTR doesn’t provide authentication. I would use https://download.libsodium.org/doc/secret-key_cryptography/secretbox in most cases, which uses XSalsa20 + Poly1305. X just means a larger nonce, 192 bits, so you can just call for a random buf each time without doing birthday bound napkin math as with GCM’s 96 bits.
There are some newer “nonce-misuse resistant” (NMR) constructions that don’t fail catastrophically in the face of nonce reuse, e.g. https://github.com/miscreant/meta/blob/develop/README.md, which are cool, but I think “libsodium default” is a pretty reasonable choice for most applications.
libsodium also has a number of higher-level APIs and constructions that are helpful, such as https://libsodium.gitbook.io/doc/secret-key_cryptography/secretstream, which securely handles a “chunked” sequence of messages or a large message that doesn’t fit in-memory, avoiding weird shit like chunk-reordering, etc.
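The “birthday bound napkin math” the reply above alludes to, worked through as an added example (not code from this thread or from libsodium): it estimates how likely a random-nonce collision is under one key for GCM’s 96-bit nonce versus secretbox’s 192-bit one, and how many messages fit before that risk passes 2^-32. The function names and the 2^32-message scenario are my own assumptions.

```python
import math


def nonce_collision_probability(messages: int, nonce_bits: int) -> float:
    """Birthday-bound estimate of the chance that at least two of `messages`
    uniformly random nonces of `nonce_bits` bits coincide under one key.

    Uses p = 1 - exp(-n(n-1) / (2N)); expm1 keeps precision when p is tiny.
    """
    n = messages
    space = 2 ** nonce_bits
    return -math.expm1(-(n * (n - 1)) / (2 * space))


def max_messages_for_risk(nonce_bits: int, risk_log2: int) -> int:
    """Approximate largest n such that n random nonces of `nonce_bits` bits
    collide with probability at most 2**-risk_log2.

    Solves n(n-1)/(2N) = -ln(1 - p) for n, i.e. n ~ sqrt(2N * -ln(1 - p)).
    """
    p = 2.0 ** -risk_log2
    target = -math.log1p(-p)  # -ln(1 - p), which is ~p for small p
    return math.isqrt(int(2 * 2 ** nonce_bits * target))


def compare_nonce_sizes(messages: int, risk_log2: int = 32) -> dict:
    """Side-by-side figures for a 96-bit (AES-GCM) and a 192-bit
    (XSalsa20-Poly1305 secretbox) random nonce at a given message count."""
    return {
        bits: {
            "collision_probability": nonce_collision_probability(messages, bits),
            "max_messages_at_risk": max_messages_for_risk(bits, risk_log2),
        }
        for bits in (96, 192)
    }


if __name__ == "__main__":
    # Constructed scenario: 2**32 messages under one key, the commonly cited
    # per-key ceiling for AES-GCM with random 96-bit IVs (NIST SP 800-38D).
    for bits, r in compare_nonce_sizes(2 ** 32).items():
        print(
            f"{bits}-bit nonce: P(collision at 2^32 msgs) = "
            f"{r['collision_probability']:.3e}; messages before risk > 2^-32 "
            f"~ 2^{math.log2(r['max_messages_at_risk']):.1f}"
        )
```

With 96 bits the budget runs out around 2^32.5 messages, which is why GCM users must count messages or rotate keys; with 192 bits it sits near 2^80.5, far beyond anything a single key will see.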
Replying to @randohacker @matthew_d_green
libsodium is the choice when I can ship libraries with my malware. I sometimes don't have that luxury though, and have to bake everything in, which usually means implementing it myself (because there are few good & compact reference implementations).
Libhydrogen is way smaller, easy to embed, and is probably a better fit for malware as it’s less likely to be detected. A good fit for ransomware. If you just need symmetric encryption for a packer, try Charm instead: https://github.com/jedisct1/charm
Thanks for that heads up! I'm looking at this for transport encryption, with EDH/ECDH handling the key exchange; but I'm always happy to build a better encrypted payload