aescrypt2 shows bad practice #1906
Labels: bug, component-crypto (Crypto primitives and low-level interfaces), added by gilles-peskine-arm on Jul 30, 2018
ARM Internal Ref: IOTSSL-2519
gilles-peskine-arm added a commit to gilles-peskine-arm/mbedtls that referenced this issue on Feb 26, 2019:

The sample program aescrypt2 shows bad practice: hand-rolled CBC implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key stretching, no algorithm agility. The new sample program pbcrypt does the same thing, but better. So remove aescrypt2. Fix Mbed-TLS#1906

The same commit was pushed again and referenced this issue on Feb 26 and 27, 2019; Apr 3 and 23, 2020; Mar 10, 2021; and Apr 28, 2021. From Apr 3, 2020 onward it carries the trailer "Signed-off-by: Gilles Peskine <[email protected]>".
The very first sample program in alphabetical order, programs/aes/aescrypt2.c, exhibits several bad practices. It rolls its own CBC mode on top of ECB. It does AEAD by combining AES-CBC with HMAC (at least it does encrypt-then-mac). It rolls its own key stretching by iterating SHA-256. We should replace this by a program that illustrates best practices, and possibly by one or more other programs that illustrate how to use the low-level functions but not to implement dodgy schemes.
This is a bug, even though the program works, because people who don't know better may copy the code, and it gives a bad impression of the library to people who do know better.
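As an added illustration of what the replacement asked for in the issue and in the commit message has to get right, the following program implements a small password-based file container along those lines. It is example code written for this page, not code from Mbed TLS, from pbcrypt or from the issue author. It uses a standardised KDF (PBKDF2-HMAC-SHA256) instead of ad-hoc SHA-256 iteration, an AEAD (AES-256-GCM) instead of hand-rolled CBC plus HMAC, and a header that names the algorithms so the format has agility. It is in Go rather than Mbed TLS's C only so that it runs against a standard library with nothing else installed; the Mbed TLS counterparts are mbedtls_pkcs5_pbkdf2_hmac and the mbedtls_gcm_* functions. The header layout, the identifier values, the iteration-count bounds, the passphrase and the sample plaintext are all assumptions made for this example and are not pbcrypt's format. PBKDF2 is written out by hand here only because nothing outside the Go standard library may be used; it is checked against the first PBKDF2-HMAC-SHA-256 vector in RFC 7914 section 11, which is exactly the kind of check an ad-hoc iterated hash cannot offer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Hypothetical container layout for this example (not pbcrypt's real format):
const (
	kdfPBKDF2HMACSHA256 uint8 = 1 // header byte 0: naming the algorithms in the header is what makes the format agile
	aeadAES256GCM       uint8 = 1 // header byte 1; bytes 2..5 hold the PBKDF2 iteration count, big-endian
	saltOff, nonceOff, headerLen = 6, 22, 34 // salt(16) | nonce(12), followed by the AES-256-GCM ciphertext||tag
	minIterations, maxIterations uint32 = 1000, 10_000_000 // hypothetical policy bounds for the iteration count
)

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018 section 5.2), written out only so this example runs on the Go
// standard library alone; real code should call its library's KDF (Mbed TLS: mbedtls_pkcs5_pbkdf2_hmac).
func pbkdf2SHA256(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, dkLen+prf.Size())
	for block := uint32(1); len(out) < dkLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)}) // INT(block)
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T_block = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

func pbkdf2SelfTest() bool {
	return hex.EncodeToString(pbkdf2SHA256([]byte("passwd"), []byte("salt"), 1, 64)) == // RFC 7914 section 11, first vector
		"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"
}

func deriveAEAD(password, hdr []byte) (cipher.AEAD, error) {
	iterations := binary.BigEndian.Uint32(hdr[2:6])
	if iterations < minIterations || iterations > maxIterations { // bounded: the count is read before the tag is verified
		return nil, errors.New("iteration count outside policy bounds")
	}
	block, _ := aes.NewCipher(pbkdf2SHA256(password, hdr[saltOff:nonceOff], int(iterations), 32)) // 32-byte key never errors
	return cipher.NewGCM(block)
}

// Seal returns header || AES-256-GCM(plaintext) with the whole header as associated data, so ids, count, salt and nonce are tag-protected.
func Seal(password, plaintext []byte, iterations uint32) ([]byte, error) {
	hdr := make([]byte, headerLen)
	hdr[0], hdr[1] = kdfPBKDF2HMACSHA256, aeadAES256GCM
	binary.BigEndian.PutUint32(hdr[2:6], iterations)
	if _, err := rand.Read(hdr[saltOff:]); err != nil { // fresh random salt and nonce for every file
		return nil, err
	}
	aead, err := deriveAEAD(password, hdr)
	if err != nil {
		return nil, err
	}
	return aead.Seal(append([]byte(nil), hdr...), hdr[nonceOff:], plaintext, hdr), nil
}

// Open validates the header first; a wrong password and a modified file give one generic error, and nothing is released unless the tag verifies.
func Open(password, blob []byte) ([]byte, error) {
	if len(blob) < headerLen+16 || blob[0] != kdfPBKDF2HMACSHA256 || blob[1] != aeadAES256GCM {
		return nil, errors.New("malformed container or unsupported kdf/aead id")
	}
	hdr := blob[:headerLen]
	aead, err := deriveAEAD(password, hdr)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, hdr[nonceOff:], blob[headerLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed: wrong password or modified file")
	}
	return pt, nil
}

func main() {
	pw := []byte("correct horse battery staple") // constructed sample passphrase
	blob, _ := Seal(pw, []byte("constructed sample plaintext"), 100000)
	pt, err := Open(pw, blob)
	blob[5] ^= 1 // alter the stored iteration count: rejected, because the header is associated data
	_, tamperErr := Open(pw, blob)
	fmt.Printf("self-test=%v plaintext=%q err=%v tampered: %v\n", pbkdf2SelfTest(), pt, err, tamperErr)
}
```

Two design points matter here. Passing the whole header as GCM associated data means a tampered iteration count, salt, nonce or algorithm id fails authentication instead of silently producing garbage, and a fresh random salt per file makes the derived key, and with it the 96-bit random nonce, single-use. The iteration count is nonetheless bounded before it is used, because it is read from the file before the tag can be checked: without that bound, a hostile file could make the reader spin through 2^32 iterations.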