[HN Gopher] Playing with symmetric encryption algorithms in Ruby
___________________________________________________________________
Playing with symmetric encryption algorithms in Ruby
Author : damir
Score : 14 points
Date : 2021-03-02 07:19 UTC (2 days ago)
(HTM) web link (medium.com)
| tashbarg wrote:
| This desperately needs a disclaimer: unless you are only
| experimenting/learning, keep away from this code. If you're
| looking for something that you can use in a real project, use
| SimpleBox from the rbnacl gem.
| bawolff wrote:
| > Even though AES128 counts as secure today, computers are getting
| more and more powerful. To ensure that our code will stay secure
| for a longer period we will use AES256 for our following
| examples.
|
| Debatable. AES-256 is more a hedge against the most optimistic
| views of quantum computers. It's not like a classical computer is
| going to get fast enough to actually need that.
|
| > The different modes of encryption algorithms are out of the
| scope of this blog post, so we will not take a deeper look at them
|
| Danger! Danger! The mode is one of the most important parameters.
| If you do this wrong it will not be secure.
|
| > [a bunch of examples using CBC mode without authentication]
|
| And this is why discussing modes is important. The examples are
| insecure because they are using CBC mode incorrectly.
| PeterWhittaker wrote:
| Great points. Crypto articles written by non-experts always
| make me shudder. To baldly assert that AES 256 is better than
| AES 128 without discussing related key attacks is to miss a
| critical point, as is simply asserting "CBC good" without
| considering how AES is used; cf expert guidance to use AES CTR
| in SSH instead, given plaintext-recovery-based attacks.
|
| Note: I'm not an expert, just a better-than-average-informed
| worker near the field. I've had the joy and privilege of
| working with two expert cryptographers and an expert
| cryptanalyst, and it was a humbling experience: brains the size
| of planets and three of the nicest, most decent people you'd ever
| meet.
|
| Side-note: I was working late on a design doc based in part on
| one of the first PKIX drafts when I came upon something that
| struck me as odd. The cryptographer responsible for the draft
| was also working late, so I wandered over to his office and
| asked about it. Long story short, after we'd drawn and erased a
| few diagrams on/from his whiteboard, this affable, sweet man
| fixed me with what I can only describe as a "Cylon stare" and
| said "So you're saying the lifetime should apply to the key,
| not the certificate?" When I said "yes", rather more meekly
| than I'd meant to, the Cylon disappeared and he said
| offhandedly "OK, I'll update the draft!"
|
| I love working with really smart people. Working with smart
| nice people is sublime.
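bawolff's point that unauthenticated CBC is malleable can be shown with Ruby's own OpenSSL binding. This is an added example, not code from the thread or from the Medium article: the payload, the edit offsets and the field names are constructed for illustration; the key is random per run and the "attacker" never sees it. The attack uses only the fact that in CBC the first plaintext block is D_k(C1) XOR IV, so anyone who can rewrite the IV that travels with the ciphertext can flip chosen bits of the first plaintext block, and CBC decryption will not notice.

```ruby
require "openssl"

BLOCK = 16
CBC_KEY = OpenSSL::Random.random_bytes(32) # secret; only the legitimate parties have it

# Plain AES-256-CBC with PKCS#7 padding and no MAC, the pattern the article uses.
# Returns [iv, ciphertext]; the IV must be sent in the clear, which is the opening.
def cbc_encrypt(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  [iv, cipher.update(plaintext) + cipher.final]
end

def cbc_decrypt(key, iv, ciphertext)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
end

# XOR two equal-length byte strings.
def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# Attacker side. No key needed: P1 = D_k(C1) XOR IV, so XORing the IV with
# (known XOR wanted) at `offset` turns `known` into `wanted` in the decrypted
# first block. The ciphertext itself is left untouched, so padding still checks out.
def forge_first_block(iv, ciphertext, offset, known, wanted)
  raise ArgumentError, "edit must stay inside block 1" if offset + known.bytesize > BLOCK
  raise ArgumentError, "replacement must be same length" unless known.bytesize == wanted.bytesize
  delta = xor_bytes(known, wanted)
  forged_iv = iv.dup
  forged_iv[offset, delta.bytesize] = xor_bytes(iv[offset, delta.bytesize], delta)
  [forged_iv, ciphertext]
end

# Driver: what the victim decrypts after the attacker rewrites the IV.
# Constructed payload: "amount=" is 7 bytes, so the amount sits at offset 7..10.
def demo_cbc_malleability
  message = "amount=0010;to=alice;memo=hello"
  iv, ct = cbc_encrypt(CBC_KEY, message)
  forged_iv, forged_ct = forge_first_block(iv, ct, 7, "0010", "9999")
  cbc_decrypt(CBC_KEY, forged_iv, forged_ct) # no error raised; amount is now 9999
end
```

The same trick works on any later block by editing the previous ciphertext block instead of the IV, at the cost of garbling that previous block. An authenticated mode (AES-GCM, or encrypt-then-MAC over IV and ciphertext) rejects both variants before any plaintext is returned.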
| mothershipper wrote:
| Should also be using a KDF or PBKDF to generate the key from a
| password, instead of using the text of the password as the key.
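Putting mothershipper's point (derive the key from the password with a KDF) together with bawolff's (use an authenticated mode): the following is an added example, not code from the thread, the article or the rbnacl gem tashbarg recommends. It uses only Ruby's OpenSSL stdlib (PBKDF2-HMAC-SHA256 plus AES-256-GCM). The iteration count, salt/nonce sizes and the blob layout are assumptions chosen for this illustration, and the password and payload are constructed.

```ruby
require "openssl"

PBKDF2_ITERATIONS = 600_000 # assumed work factor; raise it as hardware allows
SALT_LEN  = 16
NONCE_LEN = 12              # GCM standard nonce size
TAG_LEN   = 16
KEY_LEN   = 32              # AES-256

# Stretch the password into a 32-byte key. A fresh random salt per message
# makes identical passwords yield different keys and defeats precomputation.
def derive_key(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: PBKDF2_ITERATIONS,
                           length: KEY_LEN, hash: "sha256")
end

# Blob layout (assumed for this example): salt || nonce || ciphertext || tag.
# `aad` is optional header data that is authenticated but not encrypted.
def encrypt_with_password(password, plaintext, aad = "")
  salt  = OpenSSL::Random.random_bytes(SALT_LEN)
  nonce = OpenSSL::Random.random_bytes(NONCE_LEN)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = derive_key(password, salt)
  cipher.iv  = nonce
  cipher.auth_data = aad
  ct = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
  salt + nonce + ct + cipher.auth_tag
end

# Returns the plaintext, or nil if the password is wrong, the blob was altered,
# or the AAD does not match. All three surface as a failed tag check.
def decrypt_with_password(password, blob, aad = "")
  return nil if blob.bytesize < SALT_LEN + NONCE_LEN + TAG_LEN
  salt  = blob[0, SALT_LEN]
  nonce = blob[SALT_LEN, NONCE_LEN]
  tag   = blob[-TAG_LEN, TAG_LEN]
  ct    = blob[(SALT_LEN + NONCE_LEN)...-TAG_LEN]
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = derive_key(password, salt)
  cipher.iv  = nonce
  cipher.auth_tag  = tag
  cipher.auth_data = aad
  ct.empty? ? cipher.final : cipher.update(ct) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Driver: the same single-byte edit that silently changed "0010" to "9999" in
# unauthenticated CBC is now rejected, as are a wrong password and wrong AAD.
def demo_aead_tamper_detection
  pw   = "correct horse battery staple" # constructed
  blob = encrypt_with_password(pw, "amount=0010;to=alice", "v1")
  tampered = blob.dup
  pos = SALT_LEN + NONCE_LEN + 7 # byte 7 of the ciphertext, the '0' of "0010"
  tampered.setbyte(pos, tampered.getbyte(pos) ^ 0x09)
  {
    roundtrip:      decrypt_with_password(pw, blob, "v1"),
    wrong_password: decrypt_with_password("wrong", blob, "v1"),
    tampered:       decrypt_with_password(pw, tampered, "v1"),
    wrong_aad:      decrypt_with_password(pw, blob, "v2"),
  }
end
```

Two caveats a practitioner would want: never reuse a nonce under the same key with GCM (the random salt here gives a fresh key per message, so a random 12-byte nonce is fine), and the nil-on-failure return is deliberate so callers cannot distinguish "wrong password" from "tampered" and leak which one it was.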