Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs(cipher): fix salt misuse resistance calculations [#16] #17

Merged
merged 3 commits into from
Jul 6, 2024
Merged

docs(cipher): fix salt misuse resistance calculations [#16] #17

merged 3 commits into from
Jul 6, 2024

Conversation

rmlibre
Copy link
Owner

@rmlibre rmlibre commented Jul 6, 2024
edited
Loading

Description

Detailed in (#16)

Expected behavior

Detailed in (#16)

Remediations

Apply documentation updates

  • doc strings

There were two different passage types, both of which were updated.

aiootp/aiootp/ciphers/key_bundle.py

Lines 225 to 245 in 0f072eb

@property
def salt(self) -> bytes:
"""
A [pseudo]random salt that may be supplied by the user. By
default it's sent in the clear attached to the ciphertext.
Thus it may simplify implementing efficient features, such
as search or routing, though care must still be taken when
considering how leaking such metadata may be harmful.
Keeping this value constant is strongly discouraged. Though,
the cipher's salt misuse-reuse resistance is ruled by the
combination of the automatically incorporated `timestamp`,
`iv`, & `siv_key`. The risk calculation starts with setting
r = len(iv + siv_key) / 3. Then, all else staying constant,
once 256**r messages are encrypted within a second, each
additional encrypted message within that same second begins
to have more than a 256**(-r) chance of generating a repeat
context.
See: https://github.com/rmlibre/aiootp/issues/16
"""

aiootp/aiootp/ciphers/padding.py

Lines 58 to 67 in 0f072eb

`Inner-Header`: Prepends a timestamp & SIV-key. The timestamp supports
a time-to-live feature for ciphertexts which can mitigate replay
attacks. Together with the random SIV-key, the uniqueness of the
session's initialization is ensured on every tick of the clock,
therefore extending salt misuse-reuse resistance. The risk
calculation starts with setting r = len(iv + siv_key) / 3. Then,
all else staying constant, once 256**r messages are encrypted
within a second, each additional encrypted message within that
same second begins to have more than a 256**(-r) chance of
generating a repeat context.

  • README.rst

There were no detailed passages specifically mentioning these calculations in the readme.

Resolution related to (#16)

@rmlibre rmlibre added documentation Improvements or additions to documentation invalid This doesn't seem right labels Jul 6, 2024
@rmlibre rmlibre self-assigned this Jul 6, 2024
@rmlibre rmlibre marked this pull request as ready for review July 6, 2024 16:56
@rmlibre rmlibre changed the title [DRAFT] docs(cipher): salt misuse resistance calculations inaccurate [#16] docs(cipher): salt misuse resistance calculations inaccurate [#16] Jul 6, 2024
@rmlibre
Copy link
Owner Author

rmlibre commented Jul 6, 2024

Resolved by (ea07198)

@rmlibre rmlibre merged commit 616967b into main Jul 6, 2024
15 checks passed
@rmlibre rmlibre changed the title docs(cipher): salt misuse resistance calculations inaccurate [#16] docs(cipher): fix salt misuse resistance calculations [#16] Jul 6, 2024
@rmlibre rmlibre deleted the fix_bday_bound_docs branch July 7, 2024 04:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rmlibre rmlibre

Labels
documentation Improvements or additions to documentation invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rmlibre