Open benzen opened 10 years ago
benzen
commented
10 years ago My bad, i used the simplified, api. Now i'm using: sjcl.cipher[param.cipher]
I have to generate the prp, but once it's done, i reuse it to encode the others part of the string.
Is this a security issue if all the chunks of the string use the same prp ??
Nilos
commented
10 years ago If you only use sjcl.cipher encrypt your data is not protected for message integrity and there might be other possible attacks. Maybe you want to have a look at ccm.js to implement a chunked ccm_encrypt.
bitwiseshiftleft
commented
10 years ago Yeah, using sjcl.cipher raw on each part of the string is called ECB mode, and it’s generally not recommended. Wikimedia shows one reason why: http://upload.wikimedia.org/wikipedia/commons/f/f0/Tux_ecb.jpg
Cheers, — Mike
On Nov 5, 2013, at 1:10 PM, Nilos notifications@github.com wrote:
If you only use sjcl.cipher encrypt your data is not protected for message integrity and there might be other possible attacks. Maybe you want to have a look at ccm.js to implement a chunked ccm_encrypt.
— Reply to this email directly or view it on GitHub.
Hi,
I want to encrypt a pretty big string, around 60 mo (which come from file). Since i want to have a responsive ui, i chunked the string into small parts. And i encrypt each part one after the other. This allow me to give a progression feeling.
It works well, but using chrome devtools, i've noticed that the memry consumed by sjcl is just crazy.
For encoding a 11mo string, it will use 1go. When i tried with a 60 mo file, chrome lack memory and it end up with a "he's dead, jim!"
Currently i'm using the simplest solution i can find. Maybe it's the cause of my issues.
I'm using sjcl.encrypt with just the password, and the clear text. I don't care about the format of the result, as long as i can decrypt it with sjcl.
is that normal.