sebsauvage / ZeroBin

A minimalist, opensource online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
http://sebsauvage.net/wiki/doku.php?id=php:zerobin

Higher encryption #42

Open petterolsson opened 11 years ago

petterolsson commented 11 years ago

Hi,

Is there a chance of implementing 512 or 1025 AES for browser encryption?

Thanks Petter

WAR10CKfreeworld commented 11 years ago

No, according to the official specifications, AES or Rijndael only supports keys of 128, 192, and 256 bits. You would have to totally modify the source reference code of AES to support larger key sizes, and so far the only cipher I know of that supports higher keys than 256 bits is Blowfish, which supports up to 448 bit keys.

When a cipher is developed, it has a fixed key size/s that are built into the code. Only the key sizes listed in the documentation of the cipher are supported for it. So for example here are 4 good ciphers and their supported key sizes:

Blowfish: 128, 192, 256, 448 (This one remains uncracked when used with 448 bit keys!)
AES Rijndael: 128, 192, 256
Serpent: 128, 192, 256
Twofish: 128, 192, 256

nbraud commented 11 years ago

Frankly, modifying an existing cipher to increase key length is a perilous exercise, and AES-256 is probably much more secure than Blowfish-448.

I recommend closing this issue.

ulikoehler commented 11 years ago

I agree with @nbraud.

While 512 is almost certainly a bigger number than 256, it does not necessarily mean it's more secure (also, keep in mind that ZeroBin does not use Public-Key-Cryptography but only symmetric cryptography).

If you want/need other algorithms, you should implement them into SJCL (because that's what ZeroBin uses). Then, you could add a config option (see my config pull request) to use another algorithm, but I don't think it's worth the effort.
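
An added example, not part of the thread or of ZeroBin's code: it probes the key sizes discussed above against an AES implementation and confirms that the 256-bit variant round-trips. It assumes Node.js and its built-in `crypto` module rather than SJCL, which ZeroBin uses; the function names and sample text are illustrative.

```javascript
const crypto = require("node:crypto"); // assumption: Node.js, not SJCL

// The three sizes from the AES specification plus the 512- and
// 1024-bit sizes the thread asks about.
const CANDIDATE_BITS = [128, 192, 256, 512, 1024];

// Try to build an AES-CBC cipher for a key of the given size and
// report whether the implementation accepts it.
function probeAesKeySize(bits) {
  const key = crypto.randomBytes(bits / 8);
  const iv = crypto.randomBytes(16); // the AES block size is always 128 bits
  const name = `aes-${bits}-cbc`;
  if (crypto.getCiphers().includes(name)) {
    crypto.createCipheriv(name, key, iv); // throws if the key length is wrong
    return { bits, accepted: true, reason: "standard AES variant" };
  }
  // No cipher of that name exists, so try forcing the longer key into AES-256.
  try {
    crypto.createCipheriv("aes-256-cbc", key, iv);
    return { bits, accepted: true, reason: "oversized key accepted" };
  } catch (err) {
    return { bits, accepted: false, reason: err.message };
  }
}

// Key sizes the implementation actually supports.
function supportedAesKeyBits() {
  return CANDIDATE_BITS.map(probeAesKeySize)
    .filter((r) => r.accepted)
    .map((r) => r.bits);
}

// Encrypt and decrypt with the largest supported key (AES-256-GCM).
function roundTrip256(plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // 96-bit nonce, the usual GCM size
  const enc = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([enc.update(plaintext, "utf8"), enc.final()]);
  const dec = crypto.createDecipheriv("aes-256-gcm", key, iv);
  dec.setAuthTag(enc.getAuthTag()); // decryption fails if the tag does not match
  return Buffer.concat([dec.update(ct), dec.final()]).toString("utf8");
}

console.log(CANDIDATE_BITS.map(probeAesKeySize));
```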