Cryptography - suggested modification of 6.5.4 #2497

Open
randomstuff opened this issue Jan 2, 2025 · 3 comments
Labels: 1) Discussion ongoing (Issue is opened and assigned but no clear proposal yet); Bart Preneel (Issues raised from a crypto review by Bart Preneel, received via Aram H); V6; _5.0 - prep (This needs to be addressed to prepare 5.0)

Comments

@randomstuff
Contributor

Current:

6.5.4 [MODIFIED, MOVED FROM 6.2.7] Verify that encrypted data is authenticated via signatures, as well as through authenticated cipher modes or HMAC for protection against unauthorized modification.

Proposed by Bart Preneel:

6.5.4 Verify that authenticated encryption modes are always used, preferably by using an authenticated encryption mode such as mentioned under 6.5.2 or by combining an encryption method with a secure MAC algorithm such as AES-CMAC, HMAC-SHA-2, AES-GMAC, Poly1305-AES.

with comment:

Digital signatures are rarely combined with encryption. I would not use the term signatures for a MAC algorithm.
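
The two constructions named in the proposed 6.5.4 wording, as an added example that is not part of the original issue: an AEAD mode, and an encryption method combined with a MAC in encrypt-then-MAC order. AES-256-GCM as the AEAD mode, AES-256-CTR with HMAC-SHA-256 for the combination, the Node.js `crypto` module and all function names are assumptions of this example; the modes listed under 6.5.2 are not shown on this page.

```javascript
const crypto = require('crypto');

// Option 1: an AEAD mode. AES-256-GCM is an assumed choice for this example.
function aeadSeal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12); // must never repeat under one key
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]); // nonce | ct | 16-byte tag
}

function aeadOpen(key, box, aad) {
  if (box.length < 28) throw new Error('message too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(box.subarray(box.length - 16));
  const ct = box.subarray(12, box.length - 16);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
}

// Option 2: encrypt-then-MAC with separate keys (AES-256-CTR + HMAC-SHA-256).
function etmSeal(encKey, macKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-ctr', encKey, iv);
  const body = Buffer.concat([iv, c.update(plaintext), c.final()]);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]); // iv | ct | 32-byte tag over iv and ct
}

function etmOpen(encKey, macKey, box) {
  if (box.length < 48) throw new Error('message too short');
  const body = box.subarray(0, box.length - 32);
  const want = crypto.createHmac('sha256', macKey).update(body).digest();
  // Verify the tag in constant time before any decryption happens.
  if (!crypto.timingSafeEqual(box.subarray(box.length - 32), want)) {
    throw new Error('authentication failed');
  }
  const d = crypto.createDecipheriv('aes-256-ctr', encKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}

// Returns true when `open` refuses a copy of `box` with one ciphertext bit flipped.
function rejectsTampering(open, box) {
  const bad = Buffer.from(box);
  bad[16] ^= 0x01; // offset 16 is ciphertext in both layouts (plaintext >= 5 bytes)
  try { open(bad); return false; } catch (e) { return true; }
}
```

In both layouts the receiver rejects a modified message before returning any plaintext, which is the property the requirement asks to verify.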

@randomstuff
Contributor Author

OK for me after some wording changes.

Some notes/comments of my own:

  • Some of these schemes are currently not in the crypto appendix, should we add them?
  • Should we add ChaCha20-Poly1305 in the list in 6.5.4?
  • Should we have this list here or simply point to the appendix?
  • "combining an encryption method with a secure MAC algorithm such as AES-CMAC, HMAC-SHA-2, AES-GMAC, Poly1305-AES" is somewhat ambiguous because it appears that AES-CMAC and friends are MAC algorithms whereas they are actually a combination of an encryption scheme and a MAC algorithm.

@jmanico
Member

jmanico commented Jan 3, 2025

Bart is fixing something that is technically somewhat inaccurate in the current requirement. I suggest we fix this for 5.0.

@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - prep This needs to be addressed to prepare 5.0 labels Jan 5, 2025
@tghosth
Collaborator

tghosth commented Jan 5, 2025

I leave this up to @danielcuthbert's judgement, I am not sure about this one.

@tghosth tghosth added the Bart Preneel Issues raised from a crypto review by Bart Preneel (received via Aram H) label Jan 5, 2025