CheatSheetSeries
Update: Cryptographic Storage Cheat Sheet
What is missing or needs to be updated?
The "Cryptographic Storage Cheat Sheet" has a couple of things I would like to help improve.
- The "Cryptographically Secure Functions" for random number generation lists RNGCryptoServiceProvider for C# / .NET. This API has been obsolete in newer versions of .NET. The replacement is just RandomNumberGenerator.
- The mention of using AES XTS mode is somewhat out of place. XTS is extremely specialized and those that do need it likely already know they are in such a specialized scenario. I would perhaps recommend removing the mention of XTS entirely so as not to cause people to believe it is applicable to them. I don't feel super strongly about this - however if I were looking at a system which uses AES-XTS I would be very skeptical going in.
- I think it would be worthwhile to discuss nonce generation and exhaustion with various modes. While AES-GCM is a preferable cipher, reusing a nonce (IV) is catastrophic. For this reason, NIST specifically recommends rotating the key after it has been used 2^32 times. (See NIST SP800-38D section 8.3.) CTR mode also fails catastrophically with IV reuse.
How should this be resolved?
Using the suggestions above.
- Mention "both", I suppose, so that those on older versions of .NET still know to use RNGCryptoServiceProvider.
- Consider dropping the paragraph mentioning XTS mode.
- Create a section discussing each mode's expectations around nonces, and the consequence of duplicate nonces.
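One way to enforce the per-key limit discussed in the third point, as an added example that is not part of the original issue or of the cheat sheet. The names `RotatingGcmKey`, `next_params`, `collision_probability` and `demo` are hypothetical, and the returned key and nonce are meant to be handed to whatever AES-GCM implementation is in use, which is not included here.

```python
import math
import secrets

NONCE_BITS = 96            # 96-bit (12-byte) GCM nonce length
MAX_INVOCATIONS = 2 ** 32  # per-key cap cited above (NIST SP 800-38D section 8.3)


def collision_probability(n, bits=NONCE_BITS):
    """Birthday-bound estimate that n random nonces of `bits` bits contain a repeat."""
    return -math.expm1(-n * (n - 1) / 2 ** (bits + 1))


class RotatingGcmKey:
    """Issues (key_id, key, nonce) and replaces the key once the cap is reached."""

    def __init__(self, max_invocations=MAX_INVOCATIONS, key_bytes=32):
        self.max_invocations = max_invocations
        self.key_bytes = key_bytes
        self.key_id = -1
        self._rotate()

    def _rotate(self):
        # Fresh key from the OS CSPRNG; the usage counter restarts with it.
        self.key_id += 1
        self.key = secrets.token_bytes(self.key_bytes)
        self.used = 0

    def next_params(self):
        # Rotate before issuing a nonce that would exceed the cap for this key.
        if self.used >= self.max_invocations:
            self._rotate()
        self.used += 1
        return self.key_id, self.key, secrets.token_bytes(NONCE_BITS // 8)


def demo(limit=3, messages=7):
    """Constructed run with a tiny cap so that rotation is visible."""
    mgr = RotatingGcmKey(max_invocations=limit)
    return [mgr.next_params() for _ in range(messages)]


if __name__ == "__main__":
    for key_id, _key, nonce in demo():
        print(key_id, nonce.hex())
    print("P(repeat) at 2^32 random nonces:", collision_probability(2 ** 32))
```

In a real deployment the counter has to be persisted and shared by every process that uses the key, since an in-memory count restarts at zero with the process.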
Awesome! Thank you @vcsjones! Do you want to create a PR with the updates?
@mackowski Yep. Will probably be in the next few days.
Thanks @vcsjones!
@vcsjones are you still planning to work on this? Otherwise I may be able to take it.
@szh I think that we can assume that you can work on this :)
@szh yep, please do! Sorry I didn't get to this soon :-(