I was looking through crypto/cipher and noticed that there are no authenticated encryption modes. Are there any Go implementations of GCM, EAX or CCM in use?

The vast majority of symmetric encryption uses these days should really be using authenticated encryption due to the attacks that are possible when using an unauthenticated mode. It is possible to Encrypt-then-MAC, but this requires the developer to implement it securely.

Jonathan

--


  • Stephen Day at Nov 14, 2012 at 2:44 am
    Check go.crypto[1] for an nacl and openpgp implementation.

    Stephen.

    [1] http://code.google.com/p/go/source/browse/?repo=crypto

    --
  • Damian Gryski at Nov 14, 2012 at 11:05 am

    On Tuesday, November 13, 2012 20:02:45 UTC+1, Jonathan Rudenberg wrote:

    > The vast majority of symmetric encryption uses these days should really be
    > using authenticated encryption due to the attacks that are possible when
    > using an unauthenticated mode. It is possible to Encrypt-then-MAC, but this
    > requires the developer to implement it securely.

    I've written an implementation of Keyczar (keyczar.org) that uses
    Encrypt-then-MAC (AES+HMAC). https://github.com/dgryski/dkeyczar . It's
    compatible with Google's C++/Java/Python implementations.

    Damian



    --
  • Agl at Nov 14, 2012 at 4:17 pm

    On Tuesday, November 13, 2012 2:02:45 PM UTC-5, Jonathan Rudenberg wrote:

    > I was looking through crypto/cipher and noticed that there are no
    > authenticated encryption modes. Are there any Go implementations of GCM,
    > EAX or CCM in use?
    >
    > The vast majority of symmetric encryption uses these days should really be
    > using authenticated encryption due to the attacks that are possible when
    > using an unauthenticated mode. It is possible to Encrypt-then-MAC, but this
    > requires the developer to implement it securely.

    As already noted, the recommended authenticated encryption is NaCl, which
    is implemented in go.crypto.

    GCM, unfortunately, is prone to side-channel attacks when implemented in
    software because it's a hardware orientated design. Support for it may
    appear in the main repo at some point in order to support TLS 1.2, but it's
    not a priority right now. (If it does, hopefully we can get a bitsliced
    implementation and AES-NI support in order to avoid those concerns.)


    Cheers

    AGL

    --
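
The thread notes that Encrypt-then-MAC "requires the developer to implement it securely". The sketch below is an added example, not code from any poster or from dkeyczar or go.crypto, showing the parts that have to be right: independent keys, a tag covering the IV as well as the ciphertext, and a constant-time check before any decryption. The choice of AES-256-CTR with HMAC-SHA256, the `IV || ciphertext || tag` layout and the names `Seal`, `Open`, `ctr` and `tag` are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

func ctr(encKey *[32]byte, iv, src []byte) []byte {
	block, _ := aes.NewCipher(encKey[:]) // cannot fail: the key is always 32 bytes
	dst := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(dst, src) // CTR: same operation both ways
	return dst
}

// tag is HMAC-SHA256 over IV||ciphertext, under a key independent of encKey.
func tag(macKey *[32]byte, body []byte) []byte {
	m := hmac.New(sha256.New, macKey[:])
	m.Write(body)
	return m.Sum(nil)
}

// Seal returns IV || ciphertext || tag, drawing a fresh random IV per message.
func Seal(encKey, macKey *[32]byte, pt []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	body := append(iv, ctr(encKey, iv, pt)...)
	return append(body, tag(macKey, body)...), nil
}

// Open verifies the tag in constant time and decrypts only if it matches.
func Open(encKey, macKey *[32]byte, msg []byte) ([]byte, bool) {
	n := len(msg) - sha256.Size
	if n < aes.BlockSize || !hmac.Equal(msg[n:], tag(macKey, msg[:n])) {
		return nil, false
	}
	return ctr(encKey, msg[:aes.BlockSize], msg[aes.BlockSize:n]), true
}

func main() {
	var enc, mac [32]byte // constructed all-zero demo keys; use crypto/rand keys in practice
	msg, _ := Seal(&enc, &mac, []byte("constructed sample"))
	msg[20] ^= 1 // flip one ciphertext bit
	_, ok := Open(&enc, &mac, msg)
	println("tampered message accepted:", ok)
}
```

A ready-made construction such as the NaCl secretbox recommended in the replies removes the need to get these details right by hand.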
