Date: Sun, 5 Aug 2018 07:57:43 +0300
From: Andrew Savchenko
To: gentoo-dev@lists.gentoo.org
Subject: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs)
Message-Id: <20180805075743.58460118c981c2b0b0cf7a21@gentoo.org>
In-Reply-To: <20180804072947.1f9ac221@computer>
References: <20180623025046.djmsv44moxuqkv6t@proprietary-killer> <20180625075947.03bd4875@computer> <20180804114328.d4b31c885eba7cb98a1b5fd2@gentoo.org> <20180804072947.1f9ac221@computer>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-linux-gnu)
List-Id: Gentoo Linux mail
Hi,

On Sat, 4 Aug 2018 07:29:47 -0700 Hanno Böck wrote:
> > Symmetric cryptography is quite conservative and it took years and
> > even decades for algorithms and their implementations to become
> > trusted, so there is nothing wrong in using good old verified
> > software.
>
> When it comes to cipher modes the fact that people use decades old
> modes is a problem. See efail for a prominent example, but there
> are many less prominent ones.
>
> Look at the mcrypt webpage:
> http://mcrypt.sourceforge.net/
>
> Modes of Operation:
>
> CBC
> CFB
> CTR
> ECB
> OFB
> NCFB
>
> That is a mixture of very insecure (ECB), insecure in most situations
> (all others) and totally obscure modes. It doesn't include any
> authenticated encryption modes, which in most situations is what you
> want to use.

I want to use mcrypt for local encryption only, therefore I don't
really care about MACs. In my use cases modification tampering is
easy to detect by other means.

ECB is indeed unsafe and must be avoided (hey, openssl supports ECB
as well, let's ban it!). CBC is better, but vulnerable to POODLE, so
I agree on avoiding it as well.

As for CTR, (N)CFB, (N)OFB there is nothing obscure about them: they
are known for decades and are well studied. There are no direct
attacks on these modes known aside from detectable tampering
possibility.
Best regards,
Andrew Savchenko
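Added example for this archive page; it is not code from the thread, from mcrypt, or from either author. It illustrates the property both messages touch on: XOR-based modes such as CTR, CFB and OFB are malleable, so flipping ciphertext bits produces a chosen change in the plaintext, and only an integrity check (here encrypt-then-MAC with HMAC-SHA256) turns that into a detected tampering rather than a silently altered message. To keep it standard-library only, HMAC-SHA256 over a nonce and counter stands in for the block cipher as the CTR keystream PRF; the keys, nonce and message are constructed values, and the XOR structure being demonstrated is the same as with AES-CTR.

```python
"""Constructed demo: CTR-style keystream malleability, and encrypt-then-MAC
detecting the tampered ciphertext. Not mcrypt code; HMAC-SHA256 is used as
a stand-in keystream PRF in place of AES so the example has no dependencies."""
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA256 output length
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR keystream: PRF(key, nonce || counter) for each block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with the keystream. Decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


ctr_decrypt = ctr_encrypt


def flip_plaintext(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Attacker-side edit: knowing (or guessing) the plaintext bytes at `offset`,
    XOR in (known ^ desired) so decryption yields `desired` there. No key needed."""
    ct = bytearray(ciphertext)
    for i, (k, d) in enumerate(zip(known, desired)):
        ct[offset + i] ^= k ^ d
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(mac_key, nonce || ciphertext)."""
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tampering detected: MAC mismatch")
    return ctr_decrypt(enc_key, nonce, ct)


def demo():
    """Return (forged plaintext from unauthenticated CTR, whether the MAC caught it)."""
    enc_key = b"\x11" * 32          # constructed fixed keys for reproducibility
    mac_key = b"\x22" * 32
    nonce = b"\x33" * NONCE_LEN
    msg = b"pay 0100 EUR to alice"  # constructed message; amount starts at byte 4

    # Unauthenticated CTR: attacker rewrites "01" -> "99" without the key.
    ct = ctr_encrypt(enc_key, nonce, msg)
    forged = ctr_decrypt(enc_key, nonce, flip_plaintext(ct, 4, b"01", b"99"))

    # Same edit against the encrypt-then-MAC blob is rejected by unseal().
    sealed = seal(enc_key, mac_key, nonce, msg)
    body = flip_plaintext(sealed[NONCE_LEN:-TAG_LEN], 4, b"01", b"99")
    tampered = sealed[:NONCE_LEN] + body + sealed[-TAG_LEN:]
    try:
        unseal(enc_key, mac_key, tampered)
        detected = False
    except ValueError:
        detected = True
    return forged, detected


if __name__ == "__main__":
    forged, detected = demo()
    print("forged plaintext:", forged)
    print("MAC detected tampering:", detected)
```

The same bit-flip works on CFB and OFB ciphertext for the first affected block (CFB additionally garbles the following block), and on any other mode whose decryption is "keystream XOR ciphertext"; the fix is always an integrity check such as the HMAC above or an AEAD mode, verified before decryption.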