
Cryptography - Received comments about CBC #2494

Open
randomstuff opened this issue Jan 2, 2025 · 2 comments
Labels: 1) Discussion ongoing; Bart Preneel (issues raised from a crypto review by Bart Preneel, received via Aram H); V6; _5.0 - prep
Comments

@randomstuff (Contributor) commented Jan 2, 2025

Currently we have this comment in the crypto appendix:

All encrypted messages must be authenticated. Given this, for ANY use of CBC mode there MUST be an associated hashing function or MAC to validate the message. In general, this MUST be applied in the Encrypt-Then-Hash method (but TLS 1.2 uses Hash-Then-Encrypt instead). If this cannot be guaranteed, then CBC MUST NOT be used.

We have received this comment from Bart Preneel:

I would not hide such an important aspect in an appendix. I would also rewrite it as follows:

All encrypted messages must be authenticated. Given this, for ANY use of CBC mode there MUST be an associated hashing function or MAC algorithm to validate the message. In general, this MUST be applied in the Encrypt-Then-Hash method (but TLS 1.2 uses Hash-Then-Encrypt instead). If this cannot be guaranteed, then CBC MUST NOT be used.

The only application where encryption without a MAC algorithm is allowed is disk encryption.

If CBC is used, it shall be guaranteed that the verification of the padding is performed in constant time.
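The two requirements in the quoted text (a MAC over every CBC ciphertext, applied Encrypt-then-MAC, and a constant-time padding check) are shown together below as an added example; this is not ASVS project code or anything from Bart Preneel's review. It uses Go's standard library (crypto/aes, crypto/cipher, crypto/hmac, crypto/subtle) with AES-128-CBC and HMAC-SHA256 under two independent keys. The keys and IV are constructed demo values: a real caller derives the keys with a KDF and draws a fresh random IV per message (see NewIV).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Wire format: IV (16) || CBC ciphertext || HMAC-SHA256 tag (32).
// The tag covers IV || ciphertext (Encrypt-then-MAC), so the receiver
// rejects tampered input before any decryption or padding logic runs.
var errAuth = errors.New("authentication failed")

// NewIV returns a fresh random IV; CBC is not secure with a reused or predictable IV.
func NewIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	_, err := rand.Read(iv)
	return iv, err
}

// pkcs7Pad appends 1..bs bytes, each equal to the number of pad bytes.
func pkcs7Pad(p []byte, bs int) []byte {
	n := bs - len(p)%bs
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7UnpadCT validates PKCS#7 padding without data-dependent branches.
// It always inspects all bs trailing bytes, so the time taken does not
// reveal where (or whether) the padding is malformed. Returns (length, ok)
// with ok being 1 or 0.
func pkcs7UnpadCT(p []byte, bs int) (int, int) {
	if len(p) < bs || len(p)%bs != 0 { // length is public; this branch leaks nothing secret
		return 0, 0
	}
	padLen := int(p[len(p)-1])
	ok := subtle.ConstantTimeLessOrEq(1, padLen) & subtle.ConstantTimeLessOrEq(padLen, bs)
	for i := 1; i <= bs; i++ {
		inPad := subtle.ConstantTimeLessOrEq(i, padLen)                 // 1 if byte i from the end is a pad byte
		eq := subtle.ConstantTimeByteEq(p[len(p)-i], uint8(padLen))     // 1 if it carries the pad value
		ok &= eq | (1 ^ inPad)                                           // pad bytes must match; others don't care
	}
	return subtle.ConstantTimeSelect(ok, len(p)-padLen, 0), ok
}

// Seal encrypts plaintext under encKey with the given IV and appends an HMAC tag under macKey.
func Seal(encKey, macKey, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := append(append([]byte{}, iv...), ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	return mac.Sum(body), nil
}

// Open verifies the tag in constant time, and only then decrypts and unpads.
// MAC failure and padding failure return the same error, so the caller
// cannot be turned into a padding oracle.
func Open(encKey, macKey, msg []byte) ([]byte, error) {
	const tagLen = sha256.Size
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(msg) < 2*bs+tagLen || (len(msg)-tagLen)%bs != 0 {
		return nil, errAuth
	}
	body, tag := msg[:len(msg)-tagLen], msg[len(msg)-tagLen:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { // hmac.Equal is a constant-time comparison
		return nil, errAuth
	}
	iv, ct := body[:bs], body[bs:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	n, ok := pkcs7UnpadCT(pt, bs)
	if ok != 1 {
		return nil, errAuth
	}
	return pt[:n], nil
}

func main() {
	encKey := []byte("0123456789abcdef") // constructed demo key; derive real keys with a KDF
	macKey := []byte("fedcba9876543210") // constructed demo key, distinct from encKey
	iv := []byte("constructed-iv16")     // constructed for a reproducible demo; use NewIV in practice
	msg, _ := Seal(encKey, macKey, iv, []byte("attack at dawn"))
	pt, err := Open(encKey, macKey, msg)
	fmt.Printf("%q %v\n", pt, err)
	msg[aes.BlockSize] ^= 1 // flip one ciphertext bit: the tag check fails before CBC runs
	_, err = Open(encKey, macKey, msg)
	fmt.Println(err)
}
```

The ordering in Open is the whole point: with Encrypt-then-MAC the padding check only ever runs on ciphertext the sender produced, so the constant-time unpad is a second line of defence (for example against a MAC key compromise or a bug that skips the tag check) rather than the only one. With MAC-then-Encrypt, as in TLS 1.2 CBC suites, the padding check runs on attacker-controlled data and its timing must be constant by itself.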

@jmanico (Member) commented Jan 3, 2025

This looks like a very positive change. If this is coming from Bart, I'd suggest we add it to 5.0.

@danielcuthbert (Collaborator) commented

Agreed, good addition and I'll add it in as part of the batches I'll be doing this coming week. Thanks @randomstuff

@tghosth added the labels "1) Discussion ongoing", "_5.0 - prep" and "Bart Preneel" on Jan 5, 2025