Task #1016
Switch asymmetrical encryption standard
| Status: | New | Start date: | 04/10/2013 | |
|---|---|---|---|---|
| Priority: | High | Due date: | 04/19/2013 | |
| Assignee: | harlo | % Done: | 0% | |
| Category: | - | |||
| Target version: | v1 - "Sailor" | |||
| Component: |
Description
From Abel:
It appears [1] you are using standard AES-CBC to encrypt the message
contents before the stego process. AES-CBC is an unauthenticated form of
encryption. I don't see any code doing additional MACing of the
ciphertext, so Pixel Knot is vulnerable to active attackers flipping
bits as the messages travel on the wire.
I recommend switching to an authenticated encryption cipher mode,
namely, GCM.
If you're interested in Authenticated Encryption, Mathew Green's blog
post on this is super [2].
~abel
[2]:
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
History
#1 Updated by ex1st over 4 years ago
- Target version changed from v2 - "Prusik" to v1 - "Sailor"