Open LeftyBC opened 9 years ago
available for addition of HMAC layer
@troby I added you as a collaborator, should be able to assign this to you now.
Just a note, HMAC only applies to CTR mode: GCM uses GMAC and is already an authenticated symmetric cipher.
Only problem with GCM is that pycrypto doesn't support it until very recent versions, so it'd be difficult to support older systems. I saw some info online today about using CTR mode but then adding the multiplications in code that makes GCM different from CTR.
If compatibility is required, I'd recommend CTR+HMAC, and not worrying about adding in the GCM parts. That would add another potential attack surface.
CRC32 is not a cryptographically secure way to check that messages are authentic and undamaged.
@kisom recommends HMAC-SHA-256, and to use encrypt-then-MAC.
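Added example, not part of the thread or the project's code: the encrypt-then-MAC construction recommended above (HMAC-SHA-256 over nonce and ciphertext, checked before decryption), next to a CRC32 trailer for contrast. The keystream function is a standard-library stand-in for AES-CTR, and the function names, the separate encryption and MAC keys, and the `nonce || ciphertext || tag` layout are assumptions.

```python
import hashlib, hmac, os, struct, zlib

NONCE_LEN, TAG_LEN = 16, 32  # assumed layout: nonce || ciphertext || tag

def _keystream_xor(enc_key, nonce, data):
    # Stand-in for AES-CTR so the example needs only the standard library:
    # keystream block i = HMAC-SHA-256(enc_key, nonce || i). Like CTR, it is
    # malleable on its own: a flipped ciphertext bit flips that plaintext bit.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(enc_key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    # Encrypt first, then MAC everything the receiver will parse.
    nonce = os.urandom(NONCE_LEN)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key, mac_key, message):
    # Verify the tag in constant time before any decryption happens.
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, nonce, ct)

def crc_frame(body):
    # CRC32 trailer for contrast: no key, so any party can compute it.
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)

def crc_ok(frame):
    return len(frame) >= 4 and crc_frame(frame[:-4]) == frame

def tamper(data, index):
    # Flip one bit, as a corrupted or modified message would have.
    return data[:index] + bytes([data[index] ^ 1]) + data[index + 1:]
```

A CRC32 trailer catches accidental damage, but because it is unkeyed a modified body can carry a freshly computed, valid CRC; the HMAC tag cannot be recomputed without `mac_key`.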