Libsodium #25
Comments
PHP or the server isn't involved in the crypto at all. We use SJCL's default, which is CCM mode (Counter with CBC-MAC). GCM (Galois Counter Mode) would also be supported. A 256-bit key is, as far as I understand the docs, automatically generated from the low-entropy password using PBKDF2 and a random salt. So we currently use AES-256-CCM. Changing this would not break support for older pastes, as the SJCL library stores the mode in the encrypted result.
Ah of course. I am stupid. 😆 So I am splitting this issue, as Libsodium still would maybe provide some advantages.
So the AES issue moved here: #27. As for libsodium, there are still a few things we might use:
Of course we should use the current code as a fallback if Libsodium is not installed.
I would rather like to move towards the Web Crypto API. There are already many browsers supporting this and it would be a native implementation instead of a JS based one. Regarding the other points:
Bottom line: I currently see no need to switch to this. But please feel free to look into libsodium integration if you see a risk in the current implementation.
That's of course a different topic, but I'd highly suggest it too.
This might be a good reason for libsodium there.
That's why there is libsodium...
It does not matter. Use it if it is installed (the use is always the same) and don't use it (fall back to native PHP) if not. We may only leave a note in the installation guide saying that one can install Libsodium and PrivateBin uses it when available. So the only thing for libsodium would be the RNG. As I created a new, more general issue for this, I am closing this one. I think we have evaluated where we can use libsodium.
So currently we use AES. But in which mode is it used? See e.g. how Owncloud did it, which was a problem.
The mode should also be documented in the Readme...
Because PHP does not support AES in GCM mode yet, but GCM has many advantages - the biggest one being that it is authenticated encryption so it cannot be modified.
However, there is a method to use GCM mode right now, but it requires libsodium installed on the server. Libsodium is a great cryptographic tool with many features and they have a PHP wrapper.
So we could e.g. even switch to ChaCha20-Poly1305. Libsodium also allows one to use better hashing algorithms, a strong way to generate random numbers, and even using memory securely is possible.
We should evaluate whether/what/how we want to use (it).