You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cayenne.apache.org by "Nikita Timofeev (JIRA)" <ji...@apache.org> on 2017/03/29 13:07:41 UTC
[jira] [Assigned] (CAY-2109) cayenne-crypto: add value
authentication (HMAC)
[ https://issues.apache.org/jira/browse/CAY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nikita Timofeev reassigned CAY-2109:
------------------------------------
Assignee: Nikita Timofeev (was: Andrus Adamchik)
> cayenne-crypto: add value authentication (HMAC)
> -----------------------------------------------
>
> Key: CAY-2109
> URL: https://issues.apache.org/jira/browse/CAY-2109
> Project: Cayenne
> Issue Type: Bug
> Reporter: Andrus Adamchik
> Assignee: Nikita Timofeev
> Fix For: 4.0.M6
>
>
> A previously ignored concern with using cayenne-crypto is data integrity. Corrupt messages will happily decrypt to garbage. Valid messages will happily decrypt with a corrupt key, also to garbage. So to make the system more robust, we'll be adding an optional message authentication code (MAC). I am using "Cryptography Engineering" book [1] as a reference on the best MAC practices. Implementation parameters:
> * HMAC [2]
> * SHA-256
> * authenticate-then-encrypt
> * Authenticated message will be made of the following fields:
> protocol_version || flags || secret_key || message
> (or should we just do header || secret_key || message?)
> [1] https://www.schneier.com/books/cryptography_engineering/
> [2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)