I am working with this PHP encryption class using CRYPT_RIJNDAEL_256 and MCRYPT_MODE_CBC with a fixed 32-byte (64 character) HMAC key, as my basis.
The class is a result of previous discussions and remarks made on this blog page. and seems like a solid implementation as such. However there are a few aspects discussed I am still not clear on:
The only thing it adds is predictable plaintext positions which will aide a cryptanalyst. I recommend removing the serialization and using PKCS7 padding.
Now that the encryption method uses HMAC and that the serialization avoids the '\0' padding issue. Is it still a good idea to use a PKCS padding even when the HMAC is used (and the serialization kept)?
Or in other words, does the HMAC alone solve the "predictable plaintext position"?
Aucun commentaire:
Enregistrer un commentaire