Closed iulianlaz closed 1 year ago
The cipher method will stay as CTR mode for the foreseeable future. Ciphertexts are authenticated using HMAC, so using this library you get all the same authentication guarantees as you do with GCM.
Additionally, because of the ciphertext format, this library is only intended to be compatible with itself, so it wouldn't be compatible with other GCM implementations.
Is there a different reason you'd like GCM?
Hello and thanks for the response. I would like GCM as a security practice only; as far as I know, it is newer and safer (https://csrc.nist.gov/publications/detail/sp/800-38d/final#pubs-documentation). Thanks again!
Yeah, GCM is generally safer (and faster) because it combines encryption + authentication. CTR mode + HMAC authentication (what this library does) is just as secure, but the implementation is more complex and error-prone. php-encryption will stay on CTR+HMAC for the time being since there's no tangible difference in security for a correct implementation.
An even better option than GCM for other people implementing libraries is ChaCha20-Poly1305 (much faster), which is where we'd go if we ever updated the algorithm.
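The steps that make a hand-rolled CTR+HMAC construction more complex and error-prone than GCM, as an added example (not part of the thread, and not php-encryption's code or ciphertext format). The `IV || ciphertext || MAC` layout, the HKDF labels and the function names are assumptions made for illustration.

```php
<?php
// Added illustration of encrypt-then-MAC with AES-256-CTR and HMAC-SHA256.
// Assumed layout: IV (16 bytes) || ciphertext || MAC (32 bytes). Not php-encryption's format.
const IV_LEN  = 16; // AES block size, used as the initial CTR counter block
const MAC_LEN = 32; // HMAC-SHA256 output size

// Derive independent encryption and authentication keys from one master key.
function deriveKeys(string $masterKey): array
{
    return [
        hash_hkdf('sha256', $masterKey, 32, 'example-enc'),  // hypothetical label
        hash_hkdf('sha256', $masterKey, 32, 'example-auth'), // hypothetical label
    ];
}

function sealMessage(string $plaintext, string $masterKey): string
{
    [$encKey, $authKey] = deriveKeys($masterKey);
    $iv = random_bytes(IV_LEN); // fresh per message: CTR fails badly on (key, IV) reuse
    $ct = openssl_encrypt($plaintext, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The MAC must cover the IV as well as the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, $authKey, true);
    return $iv . $ct . $mac;
}

function openMessage(string $message, string $masterKey): string
{
    if (strlen($message) < IV_LEN + MAC_LEN) {
        throw new RuntimeException('message too short');
    }
    [$encKey, $authKey] = deriveKeys($masterKey);
    $iv  = substr($message, 0, IV_LEN);
    $ct  = substr($message, IV_LEN, -MAC_LEN);
    $mac = substr($message, -MAC_LEN);
    // Verify before decrypting, using a constant-time comparison.
    $expected = hash_hmac('sha256', $iv . $ct, $authKey, true);
    if (!hash_equals($expected, $mac)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}
```

Changing any byte of the output of `sealMessage()` makes `openMessage()` throw before any decryption happens. GCM and ChaCha20-Poly1305 provide this check as part of the mode, while here each step has to be written correctly by hand.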
Thanks!
Hello, is there any chance that in the future the cipher method will change from AES-CTR to AES-GCM? Thank you.