AES-CTR vs. AES-GCM / 128 vs. 256 bit

jitsi / lib-jitsi-meet

A low-level JS video API that allows adding a completely custom video experience to web apps.

Apache License 2.0

1.34k stars 1.11k forks source link

AES-CTR vs. AES-GCM / 128 vs. 256 bit #1404

Open robert-scheck opened 4 years ago

robert-scheck commented 4 years ago

https://github.com/jitsi/lib-jitsi-meet/blob/d2153eb404ddadef6d5b89ae8c499fa144280531/modules/e2ee/crypto-utils.js#L19-L20

says that Jitsi uses AES-CTR with 128 bit for E2EE currently - why?

So is there a specific reason that

a confidentiality only mode (AES-CTR) rather an authenticated encryption mode (AES-GCM), and
only 128 bit rather 256 bit

are currently used?

saghul commented 4 years ago

The main reason is we followed the SFrame draft (-00): https://tools.ietf.org/html/draft-omara-sframe-00

We did start with GCM and will likely return to it. SFrame is still a young document and we are following it closely and participating at IETF discussions.