Re: [openssl-users] Stand alone AES-CTR module
Mike, I agree that only security experts should implement production ciphers. But as Lewis pointed out, the OP's stated intention is to create a demo from scratch. This is what I think is worth doing and only for private distribution. Publishing that demo or distributing it widely would be unwise, to say the least. In that case, I would totally echo your words. Paraphrasing Matthew D Green, we don't need to add more stupid to the Internet. I'm advocating for the opportunity to learn from some of the best people in the field, not for adding noise to the misinformation out there. On May 12, 2015, at 12:24 AM, Lewis Rosenthal lgrosent...@2rosenthals.com wrote: Hi, all... I think it wise to go back to the OP's stated objective, to create an independent to libraries source code for demonstration purposes for AES-CTR mode. The operative prepositional phrase here being for demonstration purposes. Thus, whether it is wise to implement one's own crypto library/engine/etc. in *production*, I see no particular reason why learning from creating one as a demonstration or proof of concept (and even providing such code here or elsewhere for critique) is such a bad thing. This list is replete with experienced practitioners. If this isn't a good place to critique such a demonstration or proof of concept, perhaps someone here knows of a better list (one perhaps not focused on using OpenSSL in particular, say crypto.stackexchange.com - adn that is not an endorsement, merely an example). On 05/11/2015 11:59 PM, Mike Mohr wrote: If you don't know about list comprehension in Python, you can simply construct a list in a loop to get the job done. The end result is the same no matter which approach you take. The same is not true for cryptography. While Sec_Aficionado is quite eloquent and makes several valid points, I think his overall argument does not hold water. I have audited the crypto implementations in a number of open-source projects over the years found wide variance in their quality. In one instance a popular piece of software included a feature which claimed to encrypt its data using AES-256. It turned out that the code copied the user's password directly into the key buffer, either padding with null bytes or truncating depending on the length. The data was then encrypted using AES-256 in ECB mode. The software's primary purpose was not cryptography, and it provided innovative and creative features otherwise. This type of bug is insidious, since it doesn't really protect the data in any meaningful way and lulls its users into a false sense of security. I am not advocating that the realm of information security be forever relegated to a select few. That is also dangerous, as Sec_Aficionado correctly pointed out. However, the study of cryptography should never be undertaken without the guidance of an experienced practitioner. I had the extraordinary opportunity to study information security at university under the guidance of an ex-NSA analyst. I recognize that I am extremely lucky to have had this chance, and that this kind of education is only available to a select set of people worldwide. I also don't have a solution to the problem of training the next generation of cryptographers. However, having yet another potentially compromised AES implementation written by a novice programmer is not something that I want to encourage. On Mon, May 11, 2015 at 6:12 AM, Sec_Aficionado secaficion...@gmail.com mailto:secaficion...@gmail.com wrote: While implementing one's own security and/or cryptography is certainly not advisable for a novice (or even advanced programmers), creating cipher implementations from scratch is probably one of the best ways to learn and understand the intricacies of the problem at hand. Learning about the pitfalls and advantages of the algorithms is key for a future security expert. Moreover, denying someone access to help on an open source project is antithetical to the OSS philosophy. How can anyone hope to understand code that by its very nature is cryptic and complex if there's no one willing to help disentangle, at least at a high level, the routines and functions? InfoSec is a black art today, but it needs to get out of that mode. After the last few years it is clear that unless we open up the understanding of these disciplines, we will be at the mercy of experts with hidden agendas. Only educated users can hope to make correct use of cryptography, or be able to choose the best application for their needs. As we know, even a robust cipher is useless if utilized for the wrong purpose or poorly configured. We can't turn away those with a genuine interest in learning how to use cryptography without dooming ourselves to continue with the status quo. I appeal to those of you who routinely
Re: [openssl-users] Stand alone AES-CTR module
While implementing one's own security and/or cryptography is certainly not advisable for a novice (or even advanced programmers), creating cipher implementations from scratch is probably one of the best ways to learn and understand the intricacies of the problem at hand. Learning about the pitfalls and advantages of the algorithms is key for a future security expert. Moreover, denying someone access to help on an open source project is antithetical to the OSS philosophy. How can anyone hope to understand code that by its very nature is cryptic and complex if there's no one willing to help disentangle, at least at a high level, the routines and functions? InfoSec is a black art today, but it needs to get out of that mode. After the last few years it is clear that unless we open up the understanding of these disciplines, we will be at the mercy of experts with hidden agendas. Only educated users can hope to make correct use of cryptography, or be able to choose the best application for their needs. As we know, even a robust cipher is useless if utilized for the wrong purpose or poorly configured. We can't turn away those with a genuine interest in learning how to use cryptography without dooming ourselves to continue with the status quo. I appeal to those of you who routinely share your knowledge and try to make a difference here, that you provide some guidance and not turn away people with basic questions like this one. These are the users who may become one day contributors. They should be nurtured and not shunned. OK, I'll get off my soapbox now. Have a great week everyone. On May 10, 2015, at 5:58 PM, Mike Mohr akih...@gmail.com wrote: The task of implementing AES should not be undertaken by a novice programmer. Please save the world another heartbleed and pick something more in line with your skill level. On May 10, 2015 11:48 AM, konstantinos Alexiou konstantinako...@gmail.com wrote: Dear Sirs, I am new to C programming and i am trying to create an independent to libraries source code for demonstration purposes for AES-CTR mode.Could i have some help on doing that using the source code contained under crypto/aes. Thank you very much in advance. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Stand alone AES-CTR module
If you don't know about list comprehension in Python, you can simply construct a list in a loop to get the job done. The end result is the same no matter which approach you take. The same is not true for cryptography. While Sec_Aficionado is quite eloquent and makes several valid points, I think his overall argument does not hold water. I have audited the crypto implementations in a number of open-source projects over the years found wide variance in their quality. In one instance a popular piece of software included a feature which claimed to encrypt its data using AES-256. It turned out that the code copied the user's password directly into the key buffer, either padding with null bytes or truncating depending on the length. The data was then encrypted using AES-256 in ECB mode. The software's primary purpose was not cryptography, and it provided innovative and creative features otherwise. This type of bug is insidious, since it doesn't really protect the data in any meaningful way and lulls its users into a false sense of security. I am not advocating that the realm of information security be forever relegated to a select few. That is also dangerous, as Sec_Aficionado correctly pointed out. However, the study of cryptography should never be undertaken without the guidance of an experienced practitioner. I had the extraordinary opportunity to study information security at university under the guidance of an ex-NSA analyst. I recognize that I am extremely lucky to have had this chance, and that this kind of education is only available to a select set of people worldwide. I also don't have a solution to the problem of training the next generation of cryptographers. However, having yet another potentially compromised AES implementation written by a novice programmer is not something that I want to encourage. On Mon, May 11, 2015 at 6:12 AM, Sec_Aficionado secaficion...@gmail.com wrote: While implementing one's own security and/or cryptography is certainly not advisable for a novice (or even advanced programmers), creating cipher implementations from scratch is probably one of the best ways to learn and understand the intricacies of the problem at hand. Learning about the pitfalls and advantages of the algorithms is key for a future security expert. Moreover, denying someone access to help on an open source project is antithetical to the OSS philosophy. How can anyone hope to understand code that by its very nature is cryptic and complex if there's no one willing to help disentangle, at least at a high level, the routines and functions? InfoSec is a black art today, but it needs to get out of that mode. After the last few years it is clear that unless we open up the understanding of these disciplines, we will be at the mercy of experts with hidden agendas. Only educated users can hope to make correct use of cryptography, or be able to choose the best application for their needs. As we know, even a robust cipher is useless if utilized for the wrong purpose or poorly configured. We can't turn away those with a genuine interest in learning how to use cryptography without dooming ourselves to continue with the status quo. I appeal to those of you who routinely share your knowledge and try to make a difference here, that you provide some guidance and not turn away people with basic questions like this one. These are the users who may become one day contributors. They should be nurtured and not shunned. OK, I'll get off my soapbox now. Have a great week everyone. On May 10, 2015, at 5:58 PM, Mike Mohr akih...@gmail.com wrote: The task of implementing AES should not be undertaken by a novice programmer. Please save the world another heartbleed and pick something more in line with your skill level. On May 10, 2015 11:48 AM, konstantinos Alexiou konstantinako...@gmail.com wrote: Dear Sirs, I am new to C programming and i am trying to create an independent to libraries source code for demonstration purposes for AES-CTR mode.Could i have some help on doing that using the source code contained under crypto/aes. Thank you very much in advance. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Stand alone AES-CTR module
Hi, all... I think it wise to go back to the OP's stated objective, to create an independent to libraries source code for demonstration purposes for AES-CTR mode. The operative prepositional phrase here being for demonstration purposes. Thus, whether it is wise to implement one's own crypto library/engine/etc. in *production*, I see no particular reason why learning from creating one as a demonstration or proof of concept (and even providing such code here or elsewhere for critique) is such a bad thing. This list is replete with experienced practitioners. If this isn't a good place to critique such a demonstration or proof of concept, perhaps someone here knows of a better list (one perhaps not focused on using OpenSSL in particular, say crypto.stackexchange.com - adn that is not an endorsement, merely an example). On 05/11/2015 11:59 PM, Mike Mohr wrote: If you don't know about list comprehension in Python, you can simply construct a list in a loop to get the job done. The end result is the same no matter which approach you take. The same is not true for cryptography. While Sec_Aficionado is quite eloquent and makes several valid points, I think his overall argument does not hold water. I have audited the crypto implementations in a number of open-source projects over the years found wide variance in their quality. In one instance a popular piece of software included a feature which claimed to encrypt its data using AES-256. It turned out that the code copied the user's password directly into the key buffer, either padding with null bytes or truncating depending on the length. The data was then encrypted using AES-256 in ECB mode. The software's primary purpose was not cryptography, and it provided innovative and creative features otherwise. This type of bug is insidious, since it doesn't really protect the data in any meaningful way and lulls its users into a false sense of security. I am not advocating that the realm of information security be forever relegated to a select few. That is also dangerous, as Sec_Aficionado correctly pointed out. However, the study of cryptography should never be undertaken without the guidance of an experienced practitioner. I had the extraordinary opportunity to study information security at university under the guidance of an ex-NSA analyst. I recognize that I am extremely lucky to have had this chance, and that this kind of education is only available to a select set of people worldwide. I also don't have a solution to the problem of training the next generation of cryptographers. However, having yet another potentially compromised AES implementation written by a novice programmer is not something that I want to encourage. On Mon, May 11, 2015 at 6:12 AM, Sec_Aficionado secaficion...@gmail.com mailto:secaficion...@gmail.com wrote: While implementing one's own security and/or cryptography is certainly not advisable for a novice (or even advanced programmers), creating cipher implementations from scratch is probably one of the best ways to learn and understand the intricacies of the problem at hand. Learning about the pitfalls and advantages of the algorithms is key for a future security expert. Moreover, denying someone access to help on an open source project is antithetical to the OSS philosophy. How can anyone hope to understand code that by its very nature is cryptic and complex if there's no one willing to help disentangle, at least at a high level, the routines and functions? InfoSec is a black art today, but it needs to get out of that mode. After the last few years it is clear that unless we open up the understanding of these disciplines, we will be at the mercy of experts with hidden agendas. Only educated users can hope to make correct use of cryptography, or be able to choose the best application for their needs. As we know, even a robust cipher is useless if utilized for the wrong purpose or poorly configured. We can't turn away those with a genuine interest in learning how to use cryptography without dooming ourselves to continue with the status quo. I appeal to those of you who routinely share your knowledge and try to make a difference here, that you provide some guidance and not turn away people with basic questions like this one. These are the users who may become one day contributors. They should be nurtured and not shunned. OK, I'll get off my soapbox now. Have a great week everyone. On May 10, 2015, at 5:58 PM, Mike Mohr akih...@gmail.com mailto:akih...@gmail.com wrote: The task of implementing AES should not be undertaken by a novice programmer. Please save the world another heartbleed and pick something more in line with your skill level. On May 10, 2015 11:48 AM, konstantinos Alexiou konstantinako...@gmail.com
Re: [openssl-users] Stand alone AES-CTR module
On Sun, May 10, 2015 at 5:58 PM, Mike Mohr akih...@gmail.com wrote: The task of implementing AES should not be undertaken by a novice programmer. Please save the world another heartbleed and pick something more in line with your skill level. Maybe I am not parsing it correctly It sounds like he wants to use something like AES/CTR from an existing library like OpenSSL; and not implement AES from the ground up. Also, OpenSSL is susceptible to side channel attacks due to its table driven implementation. So its not clear to me how he could do much worse since a break is a break. You are either pregnant or you are not. There's no degree's of pregnancy, like being half pregnant. (There's some hand waiving above since it depends on the threat model. But you usually don't exclude threats because they are inconvenient or don't meet your efficiency goals. That's similar to what Browsers do in their threat models - they exclude inconvenient stuff or stuff that conflicts with their usability goals. That's one of the reasons browser security is such a joke). Jeff ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Stand alone AES-CTR module
On Sun, May 10, 2015 at 2:47 PM, konstantinos Alexiou konstantinako...@gmail.com wrote: Dear Sirs, I am new to C programming and i am trying to create an independent to libraries source code for demonstration purposes for AES-CTR mode.Could i have some help on doing that using the source code contained under crypto/aes. You should use the EVP interfaces; see EVP Symmetric Encryption and Decryption on the OpenSSL wiki (https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption). For counter mode, never reuse a counter or nonce within a security context. CTR mode provides confidentiality only, and its usually not enough to meet expectations of security. You usually want both confidentiality and authenticity assurances. The authenticity assurances provide both entity authentication and data integrity. Its usually a better notion of security and its called Authenticated Encryption. For Authenticated Encryption, you should also use the EVP interfaces; see EVP Authenticated Encryption and Decryption on the OpenSSL wiki (https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption). GCM mode is usually the mode you use when CWC mode (single pass) or EAX mode (double pass; slightly better than GCM) is not available. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Stand alone AES-CTR module
The task of implementing AES should not be undertaken by a novice programmer. Please save the world another heartbleed and pick something more in line with your skill level. On May 10, 2015 11:48 AM, konstantinos Alexiou konstantinako...@gmail.com wrote: Dear Sirs, I am new to C programming and i am trying to create an independent to libraries source code for demonstration purposes for AES-CTR mode.Could i have some help on doing that using the source code contained under crypto/aes. Thank you very much in advance. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Stand alone AES-CTR module
Dear Sirs, I am new to C programming and i am trying to create an independent to libraries source code for demonstration purposes for AES-CTR mode.Could i have some help on doing that using the source code contained under crypto/aes. Thank you very much in advance. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
