AES-256 Encryption Best Practices
Tom Glod
tom at makeshyft.com
Tue Jul 3 14:17:05 EDT 2018
any chance this could go on github?
On Tue, Jul 3, 2018 at 2:02 PM, William Prothero via use-livecode <
use-livecode at lists.runrev.com> wrote:
> Brian,
> Good suggestion.
>
> Easy-peasy. Php has a nice function to generate random iv vectors, so I’ll
> put it in. Thanks for the suggestion!
>
> Best,
> Bill
>
> William Prothero
> http://earthlearningsolutions.org
>
> > On Jul 3, 2018, at 9:31 AM, Brian Milby <brian at milby7.com> wrote:
> >
> > I just put the PHP on my server and it was able to handle the
> randombytes IV without issue.
> >
> > The demo does not generate a new IV for the returned data which it
> really should in production.
> >
> > From a security perspective, you assume that an attacker has access to
> the code. From the encrypted message, an attacker could figure out your
> next IV.
> >> On Jul 3, 2018, 1:56 AM -0400, William Prothero <waprothero at gmail.com>,
> wrote:
> >> Brian, thanks for the feedback.
> >>
> >> I started by using random bytes, which was ok, but the php base64encode
> would only encode characters. So, I couldn’t get the return message to
> decode in LC correctly. I forget, it could have been the LC decode step,
> but the upshot was that I decided to go with valid ascii characters for iv
> because of this.
> >>
> >> I don’t understand the problem with using the milliseconds to generate
> the random seed, though. The least significant digits of the milliseconds
> only depends on the random time the user first initiates the query. I
> assumed the milliseconds counts up to some maximum integer number, then
> repeats. Hmm, maybe I need to investigate how the counting goes. I had
> assumed it was just an integer number that counted until it overflowed,
> then started again from zero. I can investigate this.
> >>
> >> What would the H(MAC) consist of? I haven’t heard of it.
> >>
> >> Best,
> >> Bill
> >>
> >> William Prothero
> >> http://earthlearningsolutions.org
> >>
> >> On Jul 2, 2018, at 9:57 PM, Brian Milby <brian at milby7.com> wrote:
> >>
> >>> I would suggest using "randombytes" instead of "random" on
> desktop/server (according to the dictionary it isn't available on mobile, but I
> have not actually verified). That uses the openssl library to generate
> random numbers. The problem with using an IV based on a pseudorandom
> number generator seeded from something derived from the time means that it
> is potentially predictable.
> >>>
> >>> I was playing around with a function to generate an IV that is
> guaranteed to not repeat. The middle 4 bytes are the seconds, so it
> reduces the randomness by 4 bytes. I'm not sure how much of an issue that
> would be. It does avoid the birthday problem (which should not really be
> an issue with a good random number generator I would guess). Maintaining
> your own counter would be another option. Ensuring uniqueness and
> unpredictability is the goal.
> >>>
> >>> One other thing that I was reading is that we should also include a
> (H)MAC after the encryption to ensure that the payload is not tampered
> with. We would then only decrypt if the message had not been changed (and
> the IV would be included in the MAC calculation).
> >>>
> >>> Below is the code that I was experimenting with:
> >>>
> >>> function generateIV pLength
> >>> local tSeconds, tBytes
> >>>
> >>> put randomBytes(6) into tBytes
> >>> put the seconds into tSeconds
> >>> repeat until tSeconds < 256
> >>> put numToByte(tSeconds mod 256) after tBytes
> >>> put tSeconds div 256 into tSeconds
> >>> end repeat
> >>> put numToByte(tSeconds) after tBytes
> >>>
> >>> if pLength is empty then put 16 into pLength
> >>> subtract length(tBytes) from pLength
> >>> if pLength < 0 then
> >>> delete byte 1 to (- pLength) of tBytes
> >>> else
> >>> put randomBytes(pLength) after tBytes
> >>> end if
> >>> return tBytes
> >>> end generateIV
> >>>
> >>>> On Mon, Jul 2, 2018 at 10:37 PM, William Prothero via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> >>>> Folks:
> >>>> I’ve been working on a sample stack to demonstrate encryption, best
> practices (as far as I can determine).
> >>>> The online lessons are not adequate for a robust solution to this
> vital security issue. I’ve posted a demo stack at:
> http://earthlearningsolutions.org/google-static-maps-demo/ This stack has
> benefited from feedback and ideas from folks on this list. Feedback is
> welcome.
> >>>>
> >>>> This stack generates a random iv vector and uses AES-256 encryption
> to encode an array containing commands for interaction with a mySQL server.
> The server side php script that decodes the data and encodes the returned
> response is included.
> >>>>
> >>>> One thing I am still unsure about is the best way to generate a random
> string of characters that I use for the random IV (initialization vector)
> that is used for the encryption. I’ve included some code below, which is
> used to encrypt and decrypt the data sent and returned from the server. The
> encode and decode scripts are put into the launcher, or stack that is
> created when a standalone or mobile version is built.
> >>>>
> >>>> Here are the handlers. The encryption key will be more secure if it
> is obfuscated by putting it in as a property of a control or hidden in some
> way. I am wondering if the generation of the random seed is optimum.
> >>>>
> >>>> Feedback welcome.
> >>>>
> >>>> local theRandomSeed
> >>>>
> >>>> function randomChrs n
> >>>> if theRandomSeed = "" then
> >>>> setRandomSeed
> >>>> end if
> >>>> put "" into tChars
> >>>> repeat with i=1 to n
> >>>> put random(256) into nChar
> >>>> put numToNativeChar(nChar) after tChars
> >>>> end repeat
> >>>> return tChars
> >>>> end randomChrs
> >>>>
> >>>> on setRandomSeed
> >>>> put (the milliseconds) into tMS
> >>>> put trunc(tMs/10000000) into tDiv
> >>>> put tMS mod tDiv into theRandomSeed
> >>>> set the randomseed to theRandomSeed
> >>>> end setRandomSeed
> >>>>
> >>>> function theRandomIV
> >>>> if theRandomSeed = "" then
> >>>> setRandomSeed
> >>>> end if
> >>>> put randomChrs(16) into tIVBytes
> >>>> return tIVBytes
> >>>> end theRandomIV
> >>>>
> >>>> --This handler encodes the data. First it generates a random
> >>>> --initialization vector (iv), then encrypts the data and
> >>>> --prepends the base64 iv to the encoded data.
> >>>> --tArray is an array that controls the action of the php script.
> >>>> function theEncoded tArray
> >>>> put theRandomIV() into tIV
> >>>> put base64Encode(tIV) into tB64IV
> >>>> put ArrayToJSON(tArray,"string","") into tJson
> >>>> put "AFBDDFCFBDBBDDCCFFACGHDFFFFEEDCC" into tEncryptionKey
> >>>> put "AES-256-CTR" into tCipher
> >>>> encrypt tJson using tCipher with key tEncryptionKey and iV tIV
> >>>> put base64encode(it) into tDataToSend
> >>>> --comment out next statement if iv not included in data
> >>>> put tB64IV&tDataToSend into tDataToSend
> >>>> return tDataToSend
> >>>> end theEncoded
> >>>>
> >>>> --This decodes the data that is returned by the php on the
> >>>> --remote server.
> >>>> --The iv is expected as the first 24 bytes of the returned data.
> >>>> function theDecoded tData
> >>>> put byte 1 to 24 of tData into tIVB64
> >>>> put base64decode(tIVB64) into tIV
> >>>> put the number of bytes in tData into n
> >>>> put byte 25 to n of tData into tRetB64Data
> >>>> put base64decode(tRetB64Data) into tRetData
> >>>> put "AES-256-CTR" into tCipher
> >>>> put "AFBDDFCFBDBBDDCCFFACGHDFFFFEEDCC" into tEncryptionKey
> >>>> decrypt tRetData using tCipher with key tEncryptionKey and iV tIV
> >>>> put it into tReturn
> >>>> return tReturn
> >>>> end theDecoded
> >>>> -- End of handlers that should be in the main stack
> >>>>
> >>>> _______________________________________________
> >>>> use-livecode mailing list
> >>>> use-livecode at lists.runrev.com
> >>>> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> >>>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
>
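The scheme Brian recommends in the quoted thread (an IV from the OS CSPRNG rather than a clock-seeded PRNG, AES-256-CTR, then an (H)MAC over IV and ciphertext that is verified before anything is decrypted), as an added Go example written for this page; it is not code from the thread or from the demo stack. The wire format base64(IV || ciphertext || tag) and the use of a separate MAC key are assumptions of this example; the caller builds the AES block from a 32-byte key with aes.NewCipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// tagOf: HMAC-SHA256 over IV || ciphertext, so a changed IV is rejected too.
func tagOf(macKey, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// ctrXor applies the AES-CTR keystream; encrypting and decrypting are the same op.
func ctrXor(block cipher.Block, iv, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Seal: fresh 16-byte IV from the OS CSPRNG, encrypt, then MAC -> base64(IV||CT||tag).
func Seal(block cipher.Block, macKey, plaintext []byte) (string, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // never derived from the clock
		return "", err
	}
	ct := ctrXor(block, iv, plaintext)
	frame := append(append(iv, ct...), tagOf(macKey, iv, ct)...)
	return base64.StdEncoding.EncodeToString(frame), nil
}

// Open: verify the tag in constant time first; decrypt only if it matches.
func Open(block cipher.Block, macKey []byte, encoded string) ([]byte, error) {
	frame, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil || len(frame) < aes.BlockSize+sha256.Size {
		return nil, errors.New("malformed frame")
	}
	iv, ct := frame[:aes.BlockSize], frame[aes.BlockSize:len(frame)-sha256.Size]
	if !hmac.Equal(frame[len(frame)-sha256.Size:], tagOf(macKey, iv, ct)) {
		return nil, errors.New("authentication failed: IV or payload modified")
	}
	return ctrXor(block, iv, ct), nil
}
```

Checking the tag before decrypting matters especially in CTR mode, where an unauthenticated ciphertext can be bit-flipped into a different valid-looking plaintext instead of decrypting to obvious garbage.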