Uploaded image for project: 'Cayenne'
  1. Cayenne
  2. CAY-2109

cayenne-crypto: add value authentication (HMAC)

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.B1
    • Component/s: None
    • Labels:
      None

      Description

      A previously ignored concern with using cayenne-crypto is data integrity. Corrupt messages will happily decrypt to garbage. Valid messages will happily decrypt with a corrupt key, also to garbage. So to make the system more robust, we'll be adding an optional message authentication code (MAC). I am using "Cryptography Engineering" book [1] as a reference on the best MAC practices. Implementation parameters:

      • HMAC [2]
      • SHA-256
      • authenticate-then-encrypt
      • Authenticated message will be made of the following fields:

      protocol_version || flags || secret_key || message

      (or should we just do header || secret_key || message?)

      [1] https://www.schneier.com/books/cryptography_engineering/
      [2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code

        Attachments

          Activity

            People

            • Assignee:
              ntimofeev Nikita Timofeev
              Reporter:
              andrus Andrus Adamchik
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: