Re: Review of PBEP 1.0 - Password Based Encryption Protocol

From: Adam Berent (aberent_at_abisoft.net)
Date: 09/09/03 

Date: 9 Sep 2003 07:51:28 -0700

Thank you all for your responses.

I think the 2 main issues that you have helped me with are:

1. No Digest of Plaintext. I am currently looking at either
replacing this portion with an HMAC taking it out all together.

2. Some other way to manage padding count.

Also one embarrassing change that I have already made is to take out
the spaces in the XML.

Most importantly here is the purpose of the posted document:

The problem I find is that there is so much discussion on the
potential security/insecurity of cryptographic algorithms yet very
little information on how to put it all together.

I want to provide someone with very little experience in cryptography
but much experience in software development, an easy to follow guide
line, that shows the minimum amount of steps needed, to securely
encrypt plaintext using a symmetric encryption algorithm.

I don't necessarily need to create my own protocol to do it. However
I find that pkcs5 is a bit outdated as it does not allow for the use
of AES or SHA-1. It is also not a minimum amount of steps solution.
I looked into the XML Encryption Protocol (at least at one of the
proposals) and it was based on top of pkcs5. I could not find any
other symmetric only solutions.

Again I do thank you for your help, I am no where near finished or
ready to implement this protocol so all comments are welcomed. I
really do not want to implement anything that is insecure so please
let me know your thoughts. However please remember that this should
be a no bells and whistles solution.

Quantcast