added special note about ECB to README

commit 60b1c61727076db1c6c50b6b82cc4892af1ccb2f 1 parent b6791a1
authored April 15, 2011

Showing 1 changed file with 21 additions and 9 deletions.

  1. 30  README.rdoc
@@ -4,7 +4,7 @@ This is a lightweight, fast implementation of AES (the US government's Advanced
4 4
 aka "Rijndael"), written in C for speed.  You can read more on the {Wikipedia AES Page}[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard].
5 5
 The algorithm itself was extracted from work by Christophe Devine for the open source Netcat clone
6 6
 {sbd}[http://www.cycom.se/dl/sbd]. According to the community, this is
7  
-{one of the best performing AES implementations available}[http://www.derkeiler.com/Newsgroups/sci.crypt/2003-07/0162.html]:
  7
+{a very high performance AES implementation}[http://www.derkeiler.com/Newsgroups/sci.crypt/2003-07/0162.html]:
8 8
 
9 9
     > With some exceptions your code performs better than all others in 
10 10
     > enc[ryption]/dec[ryption]. Do you have an explanation of that fact? Thanks. 
@@ -15,10 +15,10 @@ The algorithm itself was extracted from work by Christophe Devine for the open s
15 15
 This gem supports the most important features of AES, specifically:
16 16
 
17 17
 * 128, 192, and 256-bit ciphers
18  
-* Cipher Block Chaining (CBC) mode only
  18
+* Electronic Codebook (ECB) mode only - *see* *Security* *Note*
19 19
 * Encrypted blocks are padded at 16-bit boundaries ({read more on padding}[http://www.di-mgt.com.au/cryptopad.html#whatispadding])
20 20
 
21  
-You can read specifics about AES-CBC in the IPSec-related {RFC 3602}[http://www.rfc-archive.org/getrfc.php?rfc=3602],
  21
+You can read specifics about AES-ECB in the IPSec-related {RFC 3602}[http://www.rfc-archive.org/getrfc.php?rfc=3602],
22 22
 if you really care that much.
23 23
 
24 24
 Bottom line, this gem works.  Fast.
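Review bot: The rewritten line "You can read specifics about AES-ECB in the IPSec-related RFC 3602" still links RFC 3602, which specifies AES-CBC for IPsec, not ECB, so the sentence now sends readers to a document about a mode this gem does not implement. Drop the link or replace the sentence with a pointer to the Security Note. In the new bullet, `*see* *Security* *Note*` bolds each word separately and is not a link; a plain "see Security Note below" or an RDoc cross-reference would read better. While this hunk is open, the unchanged padding bullet says "16-bit boundaries", but the AES block size is 128 bits (16 bytes).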
@@ -27,12 +27,10 @@ Bottom line, this gem works.  Fast.
27 27
 
28 28
 I couldn't find any that worked worth a crap.  The {ruby-aes}[http://rubyforge.org/projects/ruby-aes/]
29 29
 project has Ruby 1.9 bugs that have been open over _two_ _years_ now, {crypt/rijndael}[http://crypt.rubyforge.org/rijndael.html]
30  
-doesn't work on Ruby 1.9 and is slooow (as it's written in Ruby), and some people even report getting
  30
+doesn't work on Ruby 1.9 and is sloooow (as it's written in Ruby), and some people even report getting
31 31
 {inconsistent encryption results from other libraries}[http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/228214].
32 32
 
33  
-So I grabbed some C reference code, wrapped a Ruby interface around it, and voíla.
34  
-
35  
-C'mon people, it's not that hard.  It's called Google.  In my day, you had to actually *WRITE* the code.
  33
+So I grabbed some C reference code off the googles, wrapped a Ruby interface around it, and voíla.
36 34
 
37 35
 == Installation
38 36
 
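Review bot: The replacement sentence "grabbed some C reference code off the googles" leaves the origin of the cipher code vague, while the README elsewhere credits Christophe Devine's work from sbd. For encryption code, name that source in this sentence or point to the Author section, so readers can audit the upstream implementation. The "slooow" to "sloooow" change is unrelated to the ECB note and could be dropped from this commit.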
@@ -86,7 +84,7 @@ result, of the many encryption alternatives, most are either (a) cracked or (b)
86 84
 Personally, when it comes to encryption, I think choosing what the US government chooses is a decent
87 85
 choice.  They tend to be "security conscious."
88 86
 
89  
-=== Special Note
  87
+=== Security Note
90 88
 
91 89
 As this software deals with encryption/decryption, please note there is *NO* *WARRANTY*, not even
92 90
 with regards to FITNESS FOR A PARTICULAR PURPOSE or NONINFRINGEMENT.  This means if you use this
@@ -94,11 +92,25 @@ library, and it turns out there's a flaw in the implementation that results in y
94 92
 hacked, *IT* *IS* *NOT* *MY* *FAULT*.  It's YOUR responsibility to check the implementation of this
95 93
 library and algorithm.  If you can't understand C code, that's NOT MY PROBLEM.
96 94
 
  95
+A little while back a {github issue tracker}[https://github.com/nateware/fast-aes/issues/2] was filed noticing
  96
+that this gem supports ECB and not the (significantly) more secure CBC method.  You can read more details
  97
+on {Wikipedia's ECB writeup}[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29].
  98
+From the article:
  99
+
  100
+    The disadvantage of this method is that identical plaintext blocks are encrypted into
  101
+    identical ciphertext blocks; thus, it does not hide data patterns well. In some senses,
  102
+    it doesn't provide serious message confidentiality, and it is not recommended for use in
  103
+    cryptographic protocols at all.
  104
+
  105
+I'll be honest: I'm not a security expert, and I don't use this for anything top secret.  If you're
  106
+concerned about serious security, you need take responsibility for verifying whether this gem meets
  107
+your requirements.
  108
+
97 109
 == Author
98 110
 
99 111
 Original AES C reference code by Christophe Devine.  Thanks Christophe!
100 112
 
101  
-This gem copyright (c) 2010 {Nate Wiger}[http://nate.wiger.org].  Released under the MIT License.
  113
+This gem copyright (c) 2010-2011 {Nate Wiger}[http://nateware.com].  Released under the MIT License.
102 114
 
103 115
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
104 116
 files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use,
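Review bot: The ECB paragraph is added below the NO WARRANTY text, so a reader who follows "see Security Note" from the feature list meets a liability disclaimer before the actual limitation; put the ECB paragraph first under the heading. The added text says the gem "supports ECB and not the (significantly) more secure CBC method" but does not acknowledge that the README line this commit replaces advertised "Cipher Block Chaining (CBC) mode only"; say plainly that the earlier description was incorrect, if that is the case, so existing users know to re-evaluate their use of the gem. Typo in the last added paragraph: "you need take responsibility" should be "you need to take responsibility". The copyright line also changes the author URL along with the year, which the commit message does not mention.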
