by zaarn
3112 days ago
What you describe is MtE (MAC then Encrypt), which is generally not recommended because you have to decrypt ciphertext before you can check the MAC. This can lead to various timing or padding oracle vulnerabilities. The recommended, safer and sturdier method is EtM (Encrypt then MAC), in which you encrypt the plaintext, then MAC the ciphertext. This way you can verify the cipher before you operate on it. EtM is [according to Wikipedia] "[...] the only method which can reach the highest definition of security in AE [...]". Being able to supply arbitrary data into your system and have said system blindly apply a secret key to it is IMO not the safe mode. The safe mode is verifying that the data is from a source we can at least moderately trust to not spew out garbage and that has the secret key anyway.
Now, it seems like I may have done it horribly wrong; I'm going to fix it right now.
Thank you!
EDIT:
After I read an answer[0] on StackExchange, I realized I maybe did it right (because CFB mode is different from CBC). Looks like I need to learn a whole lot more before I start fixing that.
Next time I'll just use GCM and save myself all this trouble.
[0] https://crypto.stackexchange.com/questions/42369/is-this-sym...
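Editor's note: the following is an added example, not code from zaarn, the original poster, or the linked StackExchange answer. It shows the ordering zaarn is arguing for (Encrypt-then-MAC, with the tag checked before any decryption happens) and the AES-GCM alternative the follow-up mentions, using only Go's standard library. The concrete choices (AES-256-CTR plus HMAC-SHA256, two independent 32-byte keys, the `iv || ciphertext || tag` and `nonce || ciphertext+tag` layouts, and the `ErrAuth` sentinel) are this example's assumptions, not anything the thread specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrAuth = errors.New("authentication failed: message rejected before decryption")

// tag is HMAC-SHA256 over iv || ciphertext. The MAC never sees plaintext.
func tag(macKey, iv, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// EncryptThenMAC: AES-256-CTR, then HMAC over iv||ct (assumed layout: iv || ct || tag).
func EncryptThenMAC(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	return append(append(iv, ct...), tag(macKey, iv, ct)...), nil
}

// VerifyThenDecrypt checks the tag in constant time (hmac.Equal) and only then runs AES.
// MAC-then-Encrypt would have to decrypt first, exposing that path to attacker-chosen bytes.
func VerifyThenDecrypt(encKey, macKey, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+sha256.Size {
		return nil, ErrAuth
	}
	iv, ct := msg[:aes.BlockSize], msg[aes.BlockSize:len(msg)-sha256.Size]
	if !hmac.Equal(tag(macKey, iv, ct), msg[len(msg)-sha256.Size:]) {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// AES-GCM is an AEAD: one call does both steps and the library enforces verify-before-decrypt.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealGCM output layout (assumed): nonce || ciphertext+tag.
func SealGCM(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func OpenGCM(key, msg, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, ErrAuth
	}
	pt, err := aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], aad)
	if err != nil {
		return nil, ErrAuth // Open fails closed: no plaintext is returned on a bad tag
	}
	return pt, nil
}

func main() {
	encKey, macKey := make([]byte, 32), make([]byte, 32)
	rand.Read(encKey)
	rand.Read(macKey)
	msg, _ := EncryptThenMAC(encKey, macKey, []byte("attack at dawn"))
	msg[aes.BlockSize] ^= 0x01 // flip one ciphertext bit in transit
	_, err := VerifyThenDecrypt(encKey, macKey, msg)
	fmt.Println("tampered message:", err)
}
```

The point to notice is where `aes.NewCipher` is called in `VerifyThenDecrypt`: after `hmac.Equal`, never before. A tampered ciphertext, a tampered tag, a truncated message or a wrong MAC key all exit through `ErrAuth` without the decryption code ever running, which is exactly the property MtE cannot give you. Using separate keys for the cipher and the MAC is also deliberate; deriving both from one key is possible but is an extra step that GCM spares you, which is why `SealGCM`/`OpenGCM` are shorter and harder to get wrong.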