Re: Designing a secure message format
- From: "imposterrific@xxxxxxxxx" <imposterrific@xxxxxxxxx>
- Date: 30 Jun 2006 13:27:42 -0700
Thanks for the info, I wasn't aware that RC4 was no longer considered
secure. Is there a place I can go (other than Wikipedia, Google, ...)
to track the current security ratings of various protocols? Books have
this funny thing about going out of date :)
Thanks again.
rossum wrote:
> On 29 Jun 2006 20:57:24 -0700, "imposterrific@xxxxxxxxx"
> <imposterrific@xxxxxxxxx> wrote:
>> The passphrase would be used to generate a pseudo-random data stream
>> (S1) which would be used to decrypt a message header, which contains
>> additional information needed to decrypt the body of the message. (I
>> plan on using RC4 for S1 and including an initialization vector in the
>> message.) I have had a few ideas about what to put in this header.
>> Perhaps it could contain several symmetric keys which were used to
>> encrypt the message body (3DES, AES, etc.) or maybe it could contain
>> initialization vectors for a series of pseudo random streams spawned
>> from the original data stream (S1).
> RC4 is very easy to program, but no longer secure. MARC4 is better,
> but still iffy. Given that you will have 3DES and/or AES available,
> why not use AES in CTR mode to produce the pseudo random stream S1?
>
> rossum