Re: [openssl-users] Stand alone AES-CTR module

2015-05-12 Thread Sec_Aficionado
Mike,

I agree that only security experts should implement production ciphers. But as 
Lewis pointed out, the OP's stated intention is to create a demo from scratch. 
This is what I think is worth doing and only for private distribution.

Publishing that demo or distributing it widely would be unwise, to say the 
least. In that case, I would totally echo your words. Paraphrasing Matthew D 
Green, we don't need to add more stupid to the Internet.

I'm advocating for the opportunity to learn from some of the best people in the 
field, not for adding noise to the misinformation out there.

 On May 12, 2015, at 12:24 AM, Lewis Rosenthal lgrosent...@2rosenthals.com 
 wrote:
 
 Hi, all...
 
 I think it wise to go back to the OP's stated objective, to create an 
 independent to libraries source code for demonstration purposes for AES-CTR 
 mode. The operative prepositional phrase here being for demonstration 
 purposes.
 
 Thus, whether it is wise to implement one's own crypto library/engine/etc. in 
 *production*, I see no particular reason why learning from creating one as a 
 demonstration or proof of concept (and even providing such code here or 
 elsewhere for critique) is such a bad thing.
 
 This list is replete with experienced practitioners. If this isn't a good 
 place to critique such a demonstration or proof of concept, perhaps someone 
 here knows of a better list (one perhaps not focused on using OpenSSL in 
 particular, say crypto.stackexchange.com - and that is not an endorsement, 
 merely an example).
 
 On 05/11/2015 11:59 PM, Mike Mohr wrote:
 If you don't know about list comprehension in Python, you can simply 
 construct a list in a loop to get the job done. The end result is the same 
 no matter which approach you take.
 
 The same is not true for cryptography.  While Sec_Aficionado is quite 
 eloquent and makes several valid points, I think his overall argument does 
 not hold water.  I have audited the crypto implementations in a number of 
 open-source projects over the years and found wide variance in their quality.  
 In one instance a popular piece of software included a feature which claimed 
 to encrypt its data using AES-256.  It turned out that the code copied the 
 user's password directly into the key buffer, either padding with null bytes 
 or truncating depending on the length.  The data was then encrypted using 
 AES-256 in ECB mode.  The software's primary purpose was not cryptography, 
 and it provided innovative and creative features otherwise.  This type of 
 bug is insidious, since it doesn't really protect the data in any meaningful 
 way and lulls its users into a false sense of security.
 
 I am not advocating that the realm of information security be forever 
 relegated to a select few.  That is also dangerous, as Sec_Aficionado 
 correctly pointed out.  However, the study of cryptography should never be 
 undertaken without the guidance of an experienced practitioner.  I had the 
 extraordinary opportunity to study information security at university under 
 the guidance of an ex-NSA analyst.  I recognize that I am extremely lucky to 
 have had this chance, and that this kind of education is only available to a 
 select set of people worldwide.  I also don't have a solution to the problem 
 of training the next generation of cryptographers. However, having yet 
 another potentially compromised AES implementation written by a novice 
 programmer is not something that I want to encourage.
 
 On Mon, May 11, 2015 at 6:12 AM, Sec_Aficionado secaficion...@gmail.com 
 wrote:
 
While implementing one's own security and/or cryptography is
certainly not advisable for a novice (or even advanced
programmers), creating cipher implementations from scratch is
probably one of the best ways to learn and understand the
intricacies of the problem at hand.
 
Learning about the pitfalls and advantages of the algorithms is
key for a future security expert. Moreover, denying someone access
to help on an open source project is antithetical to the OSS
philosophy. How can anyone hope to understand code that by its
very nature is cryptic and complex if there's no one willing to
help disentangle, at least at a high level, the routines and
functions?
 
InfoSec is a black art today, but it needs to get out of that
mode. After the last few years it is clear that unless we open up
the understanding of these disciplines, we will be at the mercy of
experts with hidden agendas. Only educated users can hope to make
correct use of cryptography, or be able to choose the best
application for their needs. As we know, even a robust cipher is
useless if utilized for the wrong purpose or poorly configured. We
can't turn away those with a genuine interest in learning how to
use cryptography without dooming ourselves to continue with the
status quo.
 
I appeal to those of you who routinely

Re: [openssl-users] Stand alone AES-CTR module

2015-05-11 Thread Sec_Aficionado
While implementing one's own security and/or cryptography is certainly not 
advisable for a novice (or even advanced programmers), creating cipher 
implementations from scratch is probably one of the best ways to learn and 
understand the intricacies of the problem at hand.

Learning about the pitfalls and advantages of the algorithms is key for a 
future security expert. Moreover, denying someone access to help on an open 
source project is antithetical to the OSS philosophy. How can anyone hope to 
understand code that by its very nature is cryptic and complex if there's no 
one willing to help disentangle, at least at a high level, the routines and 
functions?

InfoSec is a black art today, but it needs to get out of that mode. After the 
last few years it is clear that unless we open up the understanding of these 
disciplines, we will be at the mercy of experts with hidden agendas. Only 
educated users can hope to make correct use of cryptography, or be able to 
choose the best application for their needs. As we know, even a robust cipher 
is useless if utilized for the wrong purpose or poorly configured. We can't 
turn away those with a genuine interest in learning how to use cryptography 
without dooming ourselves to continue with the status quo.

I appeal to those of you who routinely share your knowledge and try to make a 
difference here, that you provide some guidance and not turn away people with 
basic questions like this one. These are the users who may become one day 
contributors. They should be nurtured and not shunned.

OK, I'll get off my soapbox now. Have a great week everyone.

 On May 10, 2015, at 5:58 PM, Mike Mohr akih...@gmail.com wrote:
 
 The task of implementing AES should not be undertaken by a novice programmer. 
   Please save the world another Heartbleed and pick something more in line 
 with your skill level.
 
 On May 10, 2015 11:48 AM, konstantinos Alexiou 
 konstantinako...@gmail.com wrote:
 Dear Sirs,
 
 
 I am new to C programming and I am trying to create an independent to 
 libraries source code for demonstration purposes for AES-CTR mode. Could I 
 have some help on doing that using the source code contained under 
 crypto/aes.
 
 
 Thank you very much in advance. 
 
 ___
 openssl-users mailing list
 To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
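
Added example, not code from the thread and not OpenSSL's crypto/aes: a from-scratch AES block encryption (FIPS-197, encrypt direction only, which is all CTR mode needs), CTR mode as specified in NIST SP 800-38A, and the two failure modes this thread touches on: the audit finding Mike describes (raw password NUL-padded or truncated into the key buffer, then AES in ECB mode) and CTR nonce reuse. It is the kind of standalone demonstration the OP asked for, checked against the published FIPS-197 and SP 800-38A test vectors; the S-box is derived from the field arithmetic instead of pasted in so each step is visible. Everything in it is demonstration code; anything that ships should call a vetted implementation such as OpenSSL's EVP interface.

```python
# Added example: from-scratch AES encryption + CTR mode, plus the anti-patterns
# discussed in the thread. Demonstration code only, not OpenSSL's crypto/aes.
import hashlib


def _xtime(a):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def _build_sbox():
    """Derive the S-box (field inverse, then the affine map) instead of pasting a table."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):            # 0x03 generates the multiplicative group of GF(2^8)
        exp[i], log[x] = x, i
        x ^= _xtime(x)              # x *= 3
    sbox = []
    for a in range(256):
        inv = 0 if a == 0 else exp[(255 - log[a]) % 255]
        s = r = inv
        for _ in range(4):          # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            r = ((r << 1) | (r >> 7)) & 0xFF
            s ^= r
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def _expand_key(key):
    """FIPS-197 key schedule for 16-, 24- or 32-byte keys; returns one 4-word key per round."""
    nk, rounds = len(key) // 4, len(key) // 4 + 6
    w = [list(key[i:i + 4]) for i in range(0, len(key), 4)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]    # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:               # extra SubWord step for AES-256
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [w[4 * r:4 * r + 4] for r in range(rounds + 1)]


def aes_encrypt_block(key, block):
    """Encrypt one 16-byte block. The state is four columns of four bytes (column-major)."""
    rk = _expand_key(key)
    s = [[b ^ k for b, k in zip(block[4 * c:4 * c + 4], rk[0][c])] for c in range(4)]
    for r in range(1, len(rk)):
        s = [[SBOX[b] for b in col] for col in s]                       # SubBytes
        s = [[s[(c + i) % 4][i] for i in range(4)] for c in range(4)]   # ShiftRows
        if r != len(rk) - 1:                                            # MixColumns
            s = [[a[i] ^ a[0] ^ a[1] ^ a[2] ^ a[3] ^ _xtime(a[i] ^ a[(i + 1) % 4])
                  for i in range(4)] for a in s]
        s = [[b ^ k for b, k in zip(s[c], rk[r][c])] for c in range(4)]  # AddRoundKey
    return bytes(b for col in s for b in col)


def aes_ctr(key, initial_counter, data):
    """CTR: keystream block j = E_K(counter + j), 128-bit big-endian counter, XORed in.
    Encryption and decryption are the same call; no padding is involved."""
    ctr = int.from_bytes(initial_counter, "big")
    out = bytearray()
    for j, off in enumerate(range(0, len(data), 16)):
        ks = aes_encrypt_block(key, ((ctr + j) % (1 << 128)).to_bytes(16, "big"))
        out += bytes(d ^ k for d, k in zip(data[off:off + 16], ks))
    return bytes(out)


def ecb_encrypt(key, data):
    """ECB, for contrast: equal plaintext blocks produce equal ciphertext blocks."""
    return b"".join(aes_encrypt_block(key, data[i:i + 16]) for i in range(0, len(data), 16))


def weak_key_from_password(password, key_len=32):
    """The audited anti-pattern: the raw password is NUL-padded or truncated into the key."""
    return password.encode()[:key_len].ljust(key_len, b"\0")


def derive_key(password, salt, key_len=32, iterations=100_000):
    """What should happen instead: salted, iterated PBKDF2 (salt = fresh os.urandom(16),
    stored next to the ciphertext)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, key_len)


def ctr_nonce_reuse_leak(c1, c2, p1):
    """Two messages under one key and counter: C1 ^ C2 == P1 ^ P2, so knowing P1 reveals P2."""
    return bytes(a ^ b ^ c for a, b, c in zip(c1, c2, p1))
```

Checking `aes_encrypt_block` against the FIPS-197 Appendix C vectors and `aes_ctr` against the SP 800-38A F.5.1 CTR-AES128 vector is the minimum a demo like this should do before anyone reads anything into its output; `weak_key_from_password` shows why "AES-256" meant nothing in the audited product (a seven-character password gives a 256-bit key with 25 known zero bytes), and `ecb_encrypt` with that key shows the repeated-block leak that mode adds on top.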


Re: [openssl-users] FIPS 140-2 on iOS

2015-04-29 Thread Sec_Aficionado
This is an excellent explanation in plain English. Thank you!

 On Apr 28, 2015, at 4:31 PM, Steve Marquess marqu...@openssl.com wrote:
 
 On 04/28/2015 03:44 PM, Sec_Aficionado wrote:
 Hi there,
 
 Total n00b question here. I recently ran across a question on an iOS
 forum where someone was building an app with FIPS 140-2 compliant
 communications.
 
 Note there really is no such thing as "FIPS 140-2 compliant" (though you
 see that term bandied around a lot and I'm guilty of doing so myself).
 
 The term of interest is "FIPS 140-2 validated" (n.b.: that's validated
 not certified).
 
 Now, from reading here (mailing lists) about FIPS certification, it
 involves both the bits and the platform. So it would not be possible
 to create an app that is compliant on a platform that hasn't been
 certified. Is that a correct assumption? Or can I build a compliant
 app with just certified libraries?
 
 A Level 1 FIPS 140-2 validation (Level 1 being the most common and the
 easiest) applies to a thing called a cryptographic module in the
 context of one or more OEs or Operational Environments (loosely
 speaking, platforms). Note at Level 1 products are not validated,
 operating systems are not validated, only cryptographic modules are
 validated.
 
 Translated from FIPSspeak, for a software module that means a very
 specific chunk of executable code running on a specific platform
 (operating system and OS version and processor architecture). Move
 that same code to another platform and it is no longer validated; the
 validation is relative to the OEs or platforms.
 
 The only valid reason to use a FIPS 140-2 validated module is that you
 must in order to sell your cryptography-using product to the USG or DoD.
 For that market you (typically, if the procurement officer is paying
 attention) have to use a validated cryptographic module on one of the
 OEs specifically listed for that module validation.
 
 So for a software product there is no such thing as validation of the
 product independent of the platform (OE) it runs on.
 
 A partial exception to that rule is user affirmation per I.G. G.5, but
 while technically a legitimate means of satisfying FIPS 140-2 validation
 requirements that has limited practical value in the USG/DoD market.
 
 Note I'm only discussing Level 1 validations here; Levels 2 and up are
 different.
 
 -Steve M.
 
 -- 
 Steve Marquess
 OpenSSL Software Foundation, Inc.
 1829 Mount Ephraim Road
 Adamstown, MD  21710
 USA
 +1 877 673 6775 s/b
 +1 301 874 2571 direct
 marqu...@opensslfoundation.com
 marqu...@openssl.com
 gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


[openssl-users] FIPS 140-2 on iOS

2015-04-28 Thread Sec_Aficionado
Hi there,

Total n00b question here. I recently ran across a question on an iOS forum 
where someone was building an app with FIPS 140-2 compliant communications.

Now, from reading here (mailing lists) about FIPS certification, it involves 
both the bits and the platform. So it would not be possible to create an app 
that is compliant on a platform that hasn't been certified. Is that a correct 
assumption? Or can I build a compliant app with just certified libraries?

Thanks!

Sent from my mobile
I may have missed some autocorrections


Re: [openssl-users] Forthcoming OpenSSL releases

2015-03-16 Thread Sec_Aficionado
Thanks for the heads up. Just to confirm, is this highest severity defect a 
yet-to-be-disclosed vulnerability, or a fix for an already known one?

Sent from my mobile

 On Mar 16, 2015, at 3:05 PM, Matt Caswell m...@openssl.org wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
 Forthcoming OpenSSL releases
 
 
 The OpenSSL project team would like to announce the forthcoming release
 of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf.
 
 These releases will be made available on 19th March. They will fix a
 number of security defects. The highest severity defect fixed by these
 releases is classified as high severity.
 
 Yours
 
 The OpenSSL Project Team
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1
 
 iQEcBAEBAgAGBQJVByl7AAoJENnE0m0OYESRm5MIAJV4ElRSS575QkYwPcOw7VTK
 8Ulc6TMHsy2s5UvTXl/THqEoy5n92v99Cm69Y69TSWOgK9FK8aV0BuKkVZVYp3Ko
 MYV4VMr8a7YiNh/16HctRLfEPH8bg5AkY76Y4RM5i1AXafSR6wMuwlJl21TmqMI+
 J+HA39UvlWZ9zI7Lzz0v1BMoGAXg0cr8//QRcrFFgZZuUVtscwRRA9nRS65+AJhX
 ogd3ncUPUI3YEzxqv0kDfUre/2XeUNOM+N+u9pyfjoXHaMVsSX3A1HtpmEAMyzhE
 DqF+kmhTEyK0HYCVLnl6PLnBdHpPKY3qNFYd8trFyC2hpB9U6Qsut4KeKNtAi2g=
 =Uwpw
 -END PGP SIGNATURE-


Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-20 Thread Sec_Aficionado
Hi Jakub,

I have my custom solution in place and it works well, but I'm always willing to 
learn other ways to solve the problem.

I'll take a look this coming week. Thanks!

Sent from my mobile

 On Feb 20, 2015, at 3:34 PM, Jakub Zelenka jakub.open...@gmail.com wrote:
 
 Hi,
 
 On Tue, Feb 10, 2015 at 3:31 PM, Sec_Aficionado secaficion...@gmail.com 
 wrote:
 Matt,
 
 Thanks for keeping me honest! I see it now, but I totally missed it before. 
 I must have just played with the cli and not read the full page.
 
 Can you please confirm that EVP is the way to go? I'll create my own little 
 PHP extension since I only need a very specific action.
 
 I'm probably a bit late with the reply... If you haven't implemented already, 
 this might help you: https://github.com/bukka/php-crypto . However the api is 
 still unstable (it means that there will be changes in the future). I have 
 frozen the development for some time but will soon resume it as I will be 
 finally be able to add a compat layer for PHP 7, which is almost stable.
 
 Cheers
 
 Jakub


Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
Matt,

Thanks for keeping me honest! I see it now, but I totally missed it before. I 
must have just played with the cli and not read the full page.

Can you please confirm that EVP is the way to go? I'll create my own little PHP 
extension since I only need a very specific action.

Thanks for your help!

Sent from my mobile
Please forgive any autocorrections I may have missed

 On Feb 10, 2015, at 9:21 AM, Matt Caswell m...@openssl.org wrote:
 
 
 
 On 10/02/15 14:09, Sec_Aficionado wrote:
 Ah, thank you! I tried a lot of things and was very frustrated. I wish the 
 documentation reflected that. I'll see if I can contribute by updating it.
 
 It does:
 
 https://www.openssl.org/docs/apps/enc.html
 The enc program does not support authenticated encryption modes like
 CCM and GCM. The utility does not store or retrieve the authentication tag.
 
 
 Regarding AES-GCM from the command line, or PHP bindings, is that something 
 that any of the OpenSSL components support? I think EVP is the intended way 
 but there are no PHP bindings, only C from what I can tell.
 
 No - you can't do AES-GCM from the command line (things like s_server
 and s_client support it - but that doesn't help you for what you want to
 do). We don't supply the PHP bindings - you'll have to talk to the PHP
 guys about that.
 
 Matt


Re: [openssl-users] AES-GCM failing from Command Line Interface

2015-02-10 Thread Sec_Aficionado
Ah, thank you! I tried a lot of things and was very frustrated. I wish the 
documentation reflected that. I'll see if I can contribute by updating it.

Regarding AES-GCM from the command line, or PHP bindings, is that something 
that any of the OpenSSL components support? I think EVP is the intended way but 
there are no PHP bindings, only C from what I can tell.

As a bit of background, I need to send an encrypted token to a client, which 
will return it when communicating back with the server. I need some form of 
authenticated encryption for that and OpenSSL seems like a perfect fit.

Thanks for your help.

Sent from my mobile

 On Feb 9, 2015, at 9:23 PM, Dr. Stephen Henson st...@openssl.org wrote:
 
 On Mon, Feb 09, 2015, Sec_Aficionado wrote:
 
 Hello,
 
 I am trying to encrypt a short message using AES-256-GCM as mentioned in the 
 subject.
 
 My command is:
 openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt
 
 I get prompted for password as expected.
 
 The encryption goes well, and then I proceed to decrypt using:
 openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt
 
 The program executes but I get a bad decrypt message. However, when I open 
 dec.txt, it is the same as the original file payload.txt
 
 My guess is that the problem is in the padding, but I have not been able to 
 eliminate the error message, even setting the -nopad option and padding 
 manually.
 
 Can someone please explain to me why this might be happening?
 
 I am running OpenSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with 
 current patches.
 
 AES GCM is not supported by the 'enc' utility. More recent versions of OpenSSL
 throw out an error message if you try to use it from the command line.
 
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
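
Added example, not code from the thread and not OpenSSL code: the token flow described above (server seals a token, the client hands it back, the server checks it) written with only Python's standard library so it runs anywhere. The right primitive is AES-GCM through EVP (or a binding that exposes the tag); hashlib has no AES, so this uses a stand-in AEAD of the same shape, encrypt-then-MAC with an HMAC-SHA256 keystream and an HMAC-SHA256 tag. What it demonstrates is the framing and the check that the `enc` utility does not perform: the tag is stored with the ciphertext and verified, in constant time, before any plaintext is trusted. GCM's decryption is counter-mode XOR, so a decrypt that skips the tag still produces the right bytes, which is why the `enc` run above wrote a correct dec.txt and still reported "bad decrypt": the tag it never stored could not be checked. `decrypt_without_tag_check` reproduces that behaviour; the key and token contents in the usage are constructed.

```python
# Added example: authenticated token = nonce || ciphertext || tag, with verify-before-
# decrypt. Stand-in AEAD (HMAC keystream + HMAC tag) in place of AES-GCM; not OpenSSL code.
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 12, 16


def _subkeys(master_key):
    """Separate encryption and authentication keys derived from one secret."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(enc_key, nonce, data):
    """Counter-mode keystream: block i = HMAC(enc_key, nonce || i). Same operation both ways."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + struct.pack(">I", off // 32), hashlib.sha256).digest()
        out += bytes(d ^ k for d, k in zip(data[off:off + 32], block))
    return bytes(out)


def seal_token(master_key, payload, nonce=None):
    """Return nonce || ciphertext || tag. The nonce must never repeat under one key."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = _subkeys(master_key)
    ct = _keystream_xor(enc_key, nonce, payload)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_token(master_key, token):
    """Verify the tag in constant time *before* decrypting; None on any failure."""
    if len(token) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN], token[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master_key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return _keystream_xor(enc_key, nonce, ct)


def decrypt_without_tag_check(master_key, token):
    """What a tag-less decrypt does: plausible plaintext comes out even from an altered token."""
    enc_key, _ = _subkeys(master_key)
    return _keystream_xor(enc_key, token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN])


if __name__ == "__main__":
    key = os.urandom(32)                       # constructed: the server's token key
    token = seal_token(key, b'{"uid": 42}')
    assert open_token(key, token) == b'{"uid": 42}'
    forged = bytearray(token)
    forged[NONCE_LEN + 9] ^= 0x01              # flip one bit inside "42"
    assert open_token(key, bytes(forged)) is None          # rejected before decryption
    print(decrypt_without_tag_check(key, bytes(forged)))   # still "decrypts", to the wrong uid
```

The two things to carry over to a real AES-GCM implementation are the same: the tag travels with the ciphertext (EVP_CTRL_GCM_GET_TAG on encrypt, EVP_CTRL_GCM_SET_TAG before the final decrypt call), and the decrypt result is discarded unless the final call succeeds.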


[openssl-users] AES-GCM failing from Command Line Interface

2015-02-09 Thread Sec_Aficionado
Hello,

I am trying to encrypt a short message using AES-256-GCM as mentioned in the 
subject.

My command is:
openssl enc -aes-256-gcm -p -in payload.txt -out enc.txt

I get prompted for password as expected.

The encryption goes well, and then I proceed to decrypt using:
openssl enc -d -aes-256-gcm -p -in enc.txt -out dec.txt

The program executes but I get a bad decrypt message. However, when I open 
dec.txt, it is the same as the original file payload.txt

My guess is that the problem is in the padding, but I have not been able to 
eliminate the error message, even setting the -nopad option and padding 
manually.

Can someone please explain to me why this might be happening?

I am running OpenSSL 1.0.1f (6 Jan 14) on an Ubuntu 14.04 LTS VM with current 
patches.

Thanks in advance for your help.

Sent from my mobile