You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cayenne.apache.org by "Nikita Timofeev (JIRA)" <ji...@apache.org> on 2017/03/29 13:07:41 UTC

[jira] [Assigned] (CAY-2109) cayenne-crypto: add value authentication (HMAC)

     [ https://issues.apache.org/jira/browse/CAY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nikita Timofeev reassigned CAY-2109:
------------------------------------

    Assignee: Nikita Timofeev  (was: Andrus Adamchik)

> cayenne-crypto: add value authentication (HMAC)
> -----------------------------------------------
>
>                 Key: CAY-2109
>                 URL: https://issues.apache.org/jira/browse/CAY-2109
>             Project: Cayenne
>          Issue Type: Bug
>            Reporter: Andrus Adamchik
>            Assignee: Nikita Timofeev
>             Fix For: 4.0.M6
>
>
> A previously ignored concern with using cayenne-crypto is data integrity. Corrupt messages will happily decrypt to garbage. Valid messages will happily decrypt with a corrupt key, also to garbage. So to make the system more robust, we'll be adding an optional message authentication code (MAC). I am using "Cryptography Engineering" book [1] as a reference on the best MAC practices. Implementation parameters:
> * HMAC [2]
> * SHA-256 
> * authenticate-then-encrypt
> * Authenticated message will be made of the following fields:
>      protocol_version || flags || secret_key || message
> (or should we just do header || secret_key || message?)
> [1] https://www.schneier.com/books/cryptography_engineering/
> [2] https://en.wikipedia.org/wiki/Hash-based_message_authentication_code



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)