p-e-w / quicksafe

The easiest way to securely encrypt notes (NO LONGER MAINTAINED)

it's good to have a MAC after encrypt, or use AES-GCM-256 mode #9

Closed byronhe closed 9 years ago

byronhe commented 9 years ago

It looks like if the saved file (ciphertext) was modified, the decrypt will still succeed, resulting in some wrong text.

To detect modified ciphertext, we can make a MAC after encrypt, or use AES-GCM-256 mode.

p-e-w commented 9 years ago

In the README, there is a paragraph explaining why quicksafe doesn't use a MAC. IMO, it's not much of a problem because where text notes are concerned, data corruption will be immediately noticeable since it produces non-text, and maliciously altering ciphertext in a way that produces legible (and thus potentially confusing) plaintext is infeasible without knowing the key.

Of course, if we had the option to use GCM (or the patent-encumbered OCB) and thus get a MAC "for free" we should certainly do so, but PyCrypto supports neither. https://github.com/bozhu/AES-GCM-Python is the only implementation I'm aware of, and would entail bringing in a module twice the size of quicksafe, in addition to retaining the PyCrypto dependency.
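An added example (not quicksafe's code) of the encrypt-then-MAC layout byronhe proposes: the tag is checked in constant time before anything is decrypted, so a modified file is rejected instead of "decrypting" to wrong text. It assumes a SHA-256 counter-mode keystream in place of PyCrypto's AES (so it runs on the standard library alone) and a simple hashed split of the master key into separate encryption and MAC keys.

```python
import hashlib
import hmac
import os
# Added example, not quicksafe's code. A SHA-256 counter-mode keystream stands
# in for PyCrypto's AES so the block runs on the standard library alone; the
# encrypt-then-MAC construction around it is what the thread is about.
NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _derive_keys(master):
    # Independent keys for encryption and authentication (assumed derivation).
    return (hashlib.sha256(b"enc" + master).digest(),
            hashlib.sha256(b"mac" + master).digest())

def encrypt(master, plaintext):
    enc_key, mac_key = _derive_keys(master)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # MAC over nonce || ct
    return nonce + ct + tag

def verify(master, blob):
    # Constant-time tag check; False means the stored blob was altered (or wrong key).
    _, mac_key = _derive_keys(master)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def decrypt_unauthenticated(master, blob):
    # The behaviour reported in the issue: any blob "decrypts" to something.
    enc_key, _ = _derive_keys(master)
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def decrypt(master, blob):
    # Authenticate first, then decrypt; a tampered file never reaches the caller.
    if not verify(master, blob):
        raise ValueError("ciphertext was modified or wrong key")
    return decrypt_unauthenticated(master, blob)
```

With the keystream cipher used here a single flipped ciphertext bit changes exactly one plaintext character (with CBC it would garble one block and flip a bit in the next), and decrypt_unauthenticated returns that silently; verify rejects the same blob.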