bitwiseshiftleft / sjcl

Stanford Javascript Crypto Library
http://bitwiseshiftleft.github.com/sjcl/
Other
7.19k stars 988 forks source link

Memory consumption on repeted call of sjcl.encrypt(password, clearText) #113

Open benzen opened 11 years ago

benzen commented 11 years ago

Hi,

I want to encrypt a pretty big string, around 60 mo (which come from file). Since i want to have a responsive ui, i chunked the string into small parts. And i encrypt each part one after the other. This allow me to give a progression feeling.

It works well, but using chrome devtools, i've noticed that the memry consumed by sjcl is just crazy.

For encoding a 11mo string, it will use 1go. When i tried with a 60 mo file, chrome lack memory and it end up with a "he's dead, jim!"

Currently i'm using the simplest solution i can find. Maybe it's the cause of my issues.

I'm using sjcl.encrypt with just the password, and the clear text. I don't care about the format of the result, as long as i can decrypt it with sjcl.

is that normal.

benzen commented 11 years ago

My bad, i used the simplified, api. Now i'm using: sjcl.cipher[param.cipher]

I have to generate the prp, but once it's done, i reuse it to encode the others part of the string.

Is this a security issue if all the chunks of the string use the same prp ??

Nilos commented 11 years ago

If you only use sjcl.cipher encrypt your data is not protected for message integrity and there might be other possible attacks. Maybe you want to have a look at ccm.js to implement a chunked ccm_encrypt.

bitwiseshiftleft commented 11 years ago

Yeah, using sjcl.cipher raw on each part of the string is called ECB mode, and it’s generally not recommended. Wikimedia shows one reason why: http://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg

Cheers, — Mike

On Nov 5, 2013, at 1:10 PM, Nilos notifications@github.com wrote:

If you only use sjcl.cipher encrypt your data is not protected for message integrity and there might be other possible attacks. Maybe you want to have a look at ccm.js to implement a chunked ccm_encrypt.

— Reply to this email directly or view it on GitHub.