[Cryptography] Looking for feedback on new Java crypto library
X-Original-To: cryptography@metzdowd.com
Date: Mon, 11 Nov 2013 14:09:09 -0700
From: James Yonan <james@openvpn.net>
To: cryptography@metzdowd.com
I'm releasing a new open source Java library that focuses on encryption
of files and streams in a way that tries to integrate current crypto
best-practices with a foolproof API, while building on the existing Java
Cryptography Extension (JCE).
The primary use case is enabling client-side encryption of files pushed
to the cloud with a simple API that automatically incorporates Explicit
IV, HMAC-based integrity checking, and strong key-derivation methods to
foil hardware-accelerated password cracking.
I would appreciate any comments or feedback, especially on the security
model.
The library is called "Jacs" (Java augmented cipher streams) and the
README on github includes a full security discussion:
https://github.com/jamesyonan/jacs
Rationale:
Java's CipherInputStream and CipherOutputStream classes (from the JCE)
lack two important capabilities:
1. Support for using a randomized "Explicit IV" to ensure that identical
plaintexts encrypt to different ciphertexts even when the same key is used.
2. Integrity checking when decrypting ciphertext, to ensure that the
ciphertext was not forged or tampered with (Jacs uses an encrypt-then-MAC
approach, where the leading IV + all ciphertext is signed).
The Jacs library adds these capabilities via the new classes
CipherInputStreamIVMAC and CipherOutputStreamIVMAC, which are intended
to be drop-in replacements for CipherInputStream and CipherOutputStream.
The CipherInputStream and CipherOutputStream classes are often used to
encrypt data using a password-derived key. While the JCE supports
PBKDF2-SHA1, the speed with which attackers can brute-force SHA1 using
off-the-shelf hardware makes it prudent to consider other alternatives.
So in addition to PBKDF2-SHA1, Jacs integrates support for
PBKDF2-SHA512, Bcrypt, and Scrypt.
Thanks,
James
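The construction the post describes (random explicit IV, encrypt-then-MAC over IV + ciphertext, PBKDF2-SHA512 key derivation), written out against the plain JCE as an added illustration; this is not the Jacs code, and the 200,000 iteration count, the AES-CBC/HMAC-SHA256 pairing and the IV||ciphertext||tag layout are assumptions made for the example.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Arrays;

// Added example (not Jacs itself): explicit IV + encrypt-then-MAC over IV||ciphertext,
// keys derived with PBKDF2-SHA512, using only classes the JCE already ships.
public class EtmExample {
    static final int ITER = 200_000; // assumption: iteration count chosen for illustration

    // Derive 64 bytes of key material and split it into independent cipher and MAC keys.
    static SecretKey[] deriveKeys(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITER, 512); // key length is in bits
        byte[] km = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(spec).getEncoded();
        return new SecretKey[] {
            new SecretKeySpec(Arrays.copyOfRange(km, 0, 32), "AES"),
            new SecretKeySpec(Arrays.copyOfRange(km, 32, 64), "HmacSHA256") };
    }

    // Output layout (assumed): IV (16) || ciphertext || HMAC-SHA256 tag (32) over IV||ciphertext.
    static byte[] encrypt(SecretKey enc, SecretKey mac, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv); // fresh random IV per message, so equal plaintexts differ
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, enc, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(mac);
        h.update(iv);
        h.update(ct);
        byte[] tag = h.doFinal();
        byte[] out = new byte[iv.length + ct.length + tag.length];
        System.arraycopy(iv, 0, out, 0, 16);
        System.arraycopy(ct, 0, out, 16, ct.length);
        System.arraycopy(tag, 0, out, 16 + ct.length, tag.length);
        return out;
    }

    // Verify the tag in constant time before the cipher sees a single byte; reject on mismatch.
    static byte[] decrypt(SecretKey enc, SecretKey mac, byte[] blob) throws GeneralSecurityException {
        if (blob.length < 16 + 32) throw new GeneralSecurityException("truncated input");
        int ctLen = blob.length - 16 - 32;
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(mac);
        h.update(blob, 0, 16 + ctLen); // MAC covers IV and ciphertext together
        byte[] expected = h.doFinal();
        if (!MessageDigest.isEqual(expected, Arrays.copyOfRange(blob, 16 + ctLen, blob.length)))
            throw new GeneralSecurityException("MAC mismatch: tampered ciphertext or wrong key");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, enc, new IvParameterSpec(Arrays.copyOfRange(blob, 0, 16)));
        return c.doFinal(blob, 16, ctLen);
    }
}
```

Checking the tag before decryption is what makes the encrypt-then-MAC order worth having: a forged or bit-flipped blob is rejected without any padding or plaintext ever being examined.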
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography