-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Blowfish, unauthenticated, CBC, constant IV #6
Comments
@stouset Sounds like a good idea. One thing that we'll definitely need is a way that automatically converts the encrypted file from the bf-cbc algorithm to aes-128-gcm. We'd be happy to see a pull request 😄 . |
For a similar tool, but with a more conventional symmetric encryption algorithm, please check out a gem called While On the implementation side — when the data is encrypted, I wrote But it is my hope that it is the community that ultimately benefits from having multiple solutions, with slightly different set of features, even if the overall intention can sometimes be similar. |
@stouset and @copiousfreetime see -> #18 i am working on this. general idea is having a yaml formatted keyfile with the cipher and other metadata inside it. this will allow automatic key/cipher detection moving forward which should allow the gem to easily migrate people forward. my question to you both is: what do you think is the the preferred setup wrt to keysize/cicpher, etc? i am not a fan of system dependent preferences because debugging nightmare not to mention having different behavior in, for eg, production vs dev vs ci envs but..... love to hear more. |
The cryptography behind this gem is far behind standards considered minimally acceptable for modern systems.
Far better would AES-128-GCM with a random IV. Best would be ChaCha20-Poly1305 on systems that support it. I am happy to provide a pull request if you are not opposed to merging it.
The text was updated successfully, but these errors were encountered: