02-05-2014
Yeah, but read that page the OP linked. It's only 2 sentences or so. It says "However, in the AES standard a 128-bit block size is used, whereas ccrypt uses a 256-bit block size." I don't understand how someone can read that and conclude that AES is in use.
gpg (gnu privacy guard) is open source and should be immune to the back door intentionally placed in prodcuts. Your link about key recovery is worrisome. But they need both ciphertext and plaintext to recover the key.
The word here at work is that we are required to AES-256 still. As long as I can convince a security auditor that AES-256 is in use I am covered. I can do that with gpg. I would not want to try with ccrypt.
AES-256 is a symmetric key algorithm. What symmetric key algorithm would you replace AES-256 with? Those longer keys you mention are usually associated with public key encryption.
Our mandate to use AES-256 ultimately comes from the US Department of Defense who seems to feel that it is adequate protection.
This User Gave Thanks to Perderabo For This Post:
5 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Experts,
I am trying to encrypt my filesystem using the AES 256 bit type of encryption. I am using FreeBSD 5.4 and need to encrypt one of the mounted points. Does anybody have any good idea of how to do it?
Is there any documentation about encrypting the disk partition as this method is more... (2 Replies)
Discussion started by: jimmynath
2 Replies
2. Programming
Hi,
Any body can please point me to source code for implementing AES encryption in CTR mode i.e RFC 3686 (AES-CTR).I did googling but no good results. (6 Replies)
Discussion started by: Raom
6 Replies
3. Programming
I am developing a JAVA application that must encrypt its data. On my development machine, I can use a 256 bit key with no problem. A test machine throws an exception complaining about an illegal key length. The test machine is using JRE 1.6u21. Does anyone know where I can get a version of the JRE... (1 Reply)
Discussion started by: ilikecows
1 Replies
4. UNIX for Dummies Questions & Answers
Hey there,
I'm facing some weird issues with sed when trying to do substitution in a text file with the content of some environment variables. Those variables are used to store crypted (3DES) info with much special characters and that's where the problem starts.
I've already tried to use both... (7 Replies)
Discussion started by: Jormun
7 Replies
5. Programming
Various Node-Red crypto modules do not work with PHP, so to send an encrypted message from a PHP script (in this case from a Ubuntu server) to Node-RED we need our own code.
After a few hours of searching, testing various libs, more testing and debugging, I got this PHP to Node-RED code... (0 Replies)
Discussion started by: Neo
0 Replies
LEARN ABOUT DEBIAN
libtomcrypt
LIBTOMCRYPT(3) Library Functions Manual LIBTOMCRYPT(3)
NAME
libtomcrypt - public domain open source crypthographic toolkit
SYNOPSIS
#include <tomcrypt.h>
Link with -ltomcrypt (use pkg-config --libs libtomcrypt)
DESCRIPTION
libtomcrypt is documented in /usr/share/doc/libtomcrypt-dev/crypt.pdf. To give you a very brief introduction, the following example is pro-
vided.
EXAMPLE
/* AES-XTS example for libtomcrypt. (c) 2008 Michael Stapelberg, Public Domain */
#include <stdint.h>
#include <string.h>
#include <tomcrypt.h>
static symmetric_xts xts;
/*
* Initializes AES-XTS for use with encrypt(). Key must be at least 32 bytes long, only
* the first 32 bytes will be used.
*
*/
void initialize_xts(unsigned char *key) {
int idx, err;
unsigned char aeskey1[16], aeskey2[16];
/* You can use 32 different ciphers simultaneously. Before using a cipher, you must register it. */
register_cipher(&aes_desc);
/* Get the index of the cipher registered before */
if ((idx = find_cipher("aes")) == -1) {
fprintf(stderr, "ERROR: AES not available in libtomcrypt. Please upgrade/fix libtomcrypt.
");
exit(EXIT_FAILURE);
}
/* Set up the two private keys required by AES-XTS (see 3.4.10 of crypt.pdf) */
strncpy((char*)aeskey1, key, 16);
strncpy((char*)aeskey2, key+16, 16);
printf("Initializing with keys "%.16s" and "%.16s" (AES-XTS)
", aeskey1, aeskey2);
/* Initialize AES-XTS */
if ((err = xts_start(idx, aeskey1, aeskey2, 16, 0, &xts)) != CRYPT_OK) {
fprintf(stderr, "ERROR starting XTS: %s
", error_to_string(err));
exit(EXIT_FAILURE);
}
}
/*
* Encrypts the input (of input_size) and stores the result in output. The piece index
* is required because XTS wants a tweak for each block so that it doesn't generate
* patterns which would be visible in the encrypted output.
*
*/
void encrypt(const uint8_t *input, uint8_t *output, int input_size, int piece_idx) {
unsigned char tweak[256];
int err;
memset(tweak, '