boxcryptor-single-file-decryptor
Tink
boxcryptor-single-file-decryptor | Tink
---|---
1 | 19
41 | 13,457
- | -
0.0 | 9.9
about 4 years ago | 11 days ago
C++ | Java
MIT License | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
boxcryptor-single-file-decryptor
-
Independent Audit: Insights into the Source Code of Boxcryptor
TL;DR: this code should've never passed audit. I've found numerous problems, but I'll focus on the attack that lets someone successfully manipulate a ciphertext and have it successfully decrypt as something else. While the audit report says "Boxcryptor is not enforcing integrity [of ciphertexts]," this attack can let an adversary decrypt a (short) ciphertext, given a padding oracle. This company should've never rolled their own crypto in response to Authenticated Encryption, which has been solved, if you just use a pre-existing library.
I'm surprised that this code has a "successful" audit. The cryptography _protocol_ that is implemented in the linked github repo (https://github.com/secomba/boxcryptor-single-file-decryptor) has several flaws (in addition to having some bad code practices that I'll skip over since this repo is supposed to only document the encryption protocols).
First, the authors' problems appear to stem from their choice to manually implement an unusual (and inefficient) construction of the Authenticated Encryption primitive. Authenticated Encryption is the most common crypto primitive that people mean when they say "they want encryption." It's placed front-and-center in libsodium, ring, mundane, tink, monocypher, and every modern cryptography library that I've seen, since it is such a common operation. Modern Authenticated Encryption constructions include: AES-GCM, (X)ChaCha20-Poly1305. While there exist others, the industry has converged on these two as the standard.
These block cipher modes did not emerge for no reason. The cryptography community has steadily iterated on what the default should be when somebody asks, "how can I encrypt my file." We've arrived at these constructions, in particular, because previous constructions have had security flaws.
The authors of this repo have chosen to use the following protocol (for decryptDataPBKDF2):
1. Derive two keys (KE, KH) from a password string using PBKDF2. KE is the encryption key used with AES, and KH is an HMAC key (used for multiple purposes, which is problematic).
Tink
-
“Please do not make it public” (Tencent’s Sogou Input Method)
> I wonder what people say when they find a bug despite you using standard crypto?
Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documented library such as Google Tink[1] instead of doing their own crypto.
[1] https://github.com/google/tink
-
What are you rewriting in rust?
I sort of rewrote google's tink project in rust. There is already a rust version by project oak but it didn't exactly jive.
-
PassManager
PassManager uses the Tink library for encryption, which provides state-of-the-art security for your passwords. Tink uses industry-standard encryption algorithms like AES to ensure that your passwords are kept safe from prying eyes.
- Cryptographic Best Practices
-
Using Google Tink to sign JWTs with ECDSA
Note that in the example jwt refers to the Tink jwt package.
- What do you guys use for password hashing?
-
What's new in Jetpack Security Crypto Version 1.1.0-alpha04
What I can't tell is if the new version had any fixes related to the bug being discussed here
-
How do you handle encryption?
Even the slightest hiccup could leave me vulnerable. I don't want to roll my own encryption. I want to use something like tink (a secure crypto library by Google) but unfortunately they don't support node or Javascript (there's a library that was published 2 years ago).
-
Some help with cryptography?
I don't have an answer for you, but 2 resources that are worth checking out: https://developer.android.com/guide/topics/security/cryptography and https://developers.google.com/tink
-
Ask HN: Is there a portable encryption file format?
> Do C (or something where the mapping to C is known), and lots of languages have FFI libs where wrapping that is fairly trivial
That is an interesting idea, yet still a lot of work, sadly. I was hoping somebody had done the legwork already. I looked at Tink [1] and age [2] based on my co-worker's recommendation, but they all seem to have limited implementations in other languages.
[1] https://github.com/google/tink
[2] https://github.com/FiloSottile/age
What are some alternatives?
Jwks RSA
Kalium - Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium
SSLContext-Kickstart - 🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included
password4j - Java cryptographic library that supports Argon2, bcrypt, scrypt and PBKDF2 aimed to protect passwords in databases. Easy to use by design, highly customizable, secure and portable. All the implementations follow the standards and have been reviewed to perform better in the JVM.
SecurityBuilder - Fluent builders with typesafe API for the JCA
libsodium - A modern, portable, easy to use crypto library.
JObfuscator - JObfuscator is a source code obfuscator for the Java language. Protect Java source code & algorithms from hacking, cracking, reverse engineering, decompilation & technology theft.
otp-java - A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
jwt-java - JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.
Crypto++ - free C++ class library of cryptographic schemes
GmSSL - A cryptographic toolbox supporting the Chinese national (GM) standards SM2/SM3/SM4/SM9/SSL
node-encryption - Encrypt and decryption