#1 2020-12-22 22:50:43

Leslie7
Member
Registered: 2015-06-25
Posts: 248

Encryption questions

I have just began digging in to the subject. A few questions:


1. Which is currently the strongest encryption in mORMot if speed is not that important
  a) for messaging?
  b) for database?
  c) Is there a minimal data size to be effective?

2. Any other suggestions for very strong encryption beyond mORMot which is worth the extra effort?

3. Any future plans for mORMot?

4. Is the CTR mode mentioned here is the same as AES-256-CTR in mORMot?
https://www.highgo.ca/2019/08/08/the-di … algorithm/

5. Is the way mORMot tries to defend against replay attacks sufficient protection against the mentioned weakness of AES-CFB?

Last edited by Leslie7 (2020-12-22 23:35:46)

Offline

#2 2020-12-22 23:38:38

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Encryption questions

1) a) Websockets uses AES-OFB + PKCS7 padding
    b) SQLite3 also AES-OFB + non padding needed
    c) no minimal data size (otherwise the encryption would be weak)
2) We are open to suggestions, but AES-NI makes it very fast on Intel/AMD, faster than alternatives; we have SHA-3 in encryption mode if another strong encryption is needed
3) Plans about what? About encryption, we included AES-GCM but it has little benefit in respect to AES-OFB + crc32c
4) CTR is similar to OFB
5) CFB is not particulary weak, because we use PKCS7 padding - ECB is weak, and used nowhere in mORMot

Offline

#3 2020-12-23 01:00:06

Leslie7
Member
Registered: 2015-06-25
Posts: 248

Re: Encryption questions

Thanks for the very quick answer.

1)a) 11.6.5.3. in the documentation mentions  AES256-CFB.
2) "SHA-3 in encryption mode " I do not quite get this.  In my understanding SHA-3 is a hasher.  Do you suggest to use it as an additional check for proper delivery? Or are you referring to JWT?

Offline

#4 2020-12-23 08:13:22

Leslie7
Member
Registered: 2015-06-25
Posts: 248

Re: Encryption questions

One more question:

6. Would it be possible to create an option to make aes encoding the default so it would work without declaring  "ACCEPT-ENCODING: synshaaes"  in the header? It would allow hiding which specific implementation of encryption is used from spectators.

Last edited by Leslie7 (2020-12-23 08:13:43)

Offline

#5 2020-12-23 08:42:04

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Encryption questions

You are right, it was TAESCFB on mORMot 1.18, but we switched to TAESOFB with mORMot 2, which is faster on x86_64 in our unit, and slightly more proven.

Note that WebSockets can use an asymetric ES-256 ephemeral secret key derivation and mutual authentication, with perfect forward security, instead of fixed symetric AES encryption with a fixed secret key.
This is the safest option by far.

SHA-3 can be used in XOF mode, generating an endless output stream (not limited to 128, 256 or 512 bits).
We have a TSha3.Cipher() method which uses it as a cryptographic secure hasher. Slower than AES-NI (aes128ofb is 750MB/s, Shake128 is 160MB/s on my PC), but very safe and proven.
For instance, we use it in TAesPrng.GetEntropy to enhance the operating system-derivated entropy.
It is good to mix proven algorithms when you want to increase security.

Accept-Encoding is not a good idea, since it is not mandatory in the HTTP standard. You can still send data with no encoding, and it would be valid.
TLS is a much better option (we usually use a nginx reverse proxy + Let'sEncrypt for it), or encrypting the WebSockets binary frames as we do.

Offline

#6 2020-12-23 13:20:59

Leslie7
Member
Registered: 2015-06-25
Posts: 248

Re: Encryption questions

mORMot 2 - got it.

SHA-3 - sounds interesting.

Accept-Encoding , TLS, nginx - this project is not just about the typical CS scenario. I need extremely secure peer to peer communication in mixed environment with mobiles as well. I would rather not continue this subject publicly. You can answer my email if you have the time.

Offline

#7 2020-12-23 14:24:58

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Encryption questions

I read your email, and I guess that the safest option is, if you can, to use mORMot WebSockets with asymetric ES-256 ephemeral secret key derivation and mutual authentication, with perfect forward security.
This TECDHEProtocol class is indeed very safe and rooted on proven algorithms and practice - it has been audited internally by some big US companies.
You could even encapsulate it over a TLS layer, if needed. But it is not mandatory.

The easiest may be to use WebSockets + AES encryption, then switch to TECDHEProtocol if your security concerns are mandatory.
Handling private/public key pairs make this asymetric encryption a bit more difficult to maintain than fixed AES encryption with private keys.

Offline

Board footer

Powered by FluxBB