Status of AES 256 key hash bug?


Will Sargent

Sep 28, 2015, 3:53:47 PM
to Keyczar Discuss
Hi all,

The pull request for "AES 256 keys not creating the correct hash" has conflicts and can't be merged.

https://github.com/google/keyczar/pull/165

I'm concerned about this, because more and more people are using Suite B, which requires AES-256.


I'm happy to rebase the merge so there are no conflicts, but what are the implications of #105, #107 and #108 -- is there effectively no impact if the code base is pure Java?  Is using --size=384 a good workaround?

Will.



Will Sargent

Sep 28, 2015, 4:02:53 PM
to keyczar...@googlegroups.com
(Except that 384 isn't a valid size for AES, and I know that both AES-128 and AES-192 are still unbroken, etc.)


devin lundberg

Sep 28, 2015, 5:07:14 PM
to keyczar...@googlegroups.com
I added some comments to the PR. Most of the changes in that PR should be safe and do the right thing in case of collision. The modifications to the StreamCache and StreamQueue are more concerning from my perspective, so someone else should take a look (preferably someone who writes thread safe Java often). I have a feeling those will need to be refactored or reverted.

Jay Tuley

Sep 28, 2015, 5:55:15 PM
to keyczar...@googlegroups.com
You are right, this is a regression in thread safety. When I did this, I think I assumed a global cache that looks like a map wasn't actually thread safe, since cryptostreams themselves aren't thread safe. But the global cache pulls from a queue of streams that have finished being used.

I think a good question is whether there is still a performance issue such that streams really need to be cached anymore.

Sent from my iPhone

Jay Tuley

Sep 28, 2015, 6:40:55 PM
to keyczar...@googlegroups.com
Sorry, I poorly named that PR: it's any key greater than 128 bits that has the bug. And you only have issues if you want to interoperate with a non-Java Keyczar (Python, C++, etc.).
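The interop failure Jay describes shows up as a key-lookup failure: a Keyczar message carries a 4-byte key hash in its header, and a reader whose keyset stores a differently computed hash for the same key material cannot find the key. The following Python is an added example, not code from the thread or from the Keyczar project. It assumes the key-hash convention SHA1(4-byte big-endian key length || AES key || HMAC key) truncated to 4 bytes and a header of one version byte plus the hash; both are assumptions here. The sample keys are constructed, and the divergent hash in `simulate_mismatch` is an illustrative stand-in, not the actual Java bug. It also returns every key matching a header hash rather than the first one, which is the "do the right thing in case of collision" behaviour Devin mentions.

```python
import hashlib
import struct

# Assumed convention for this example (not taken from the thread):
# key hash = SHA1(4-byte big-endian len(aes_key) || aes_key || hmac_key)[:4]
KEY_HASH_SIZE = 4
FORMAT_VERSION = 0          # assumed single-byte format version in the header
HEADER_SIZE = 1 + KEY_HASH_SIZE


def aes_key_hash(aes_key: bytes, hmac_key: bytes) -> bytes:
    """Reference key hash for an AES+HMAC key under the assumed convention."""
    if len(aes_key) not in (16, 24, 32):
        raise ValueError("AES key must be 128, 192 or 256 bits")
    md = hashlib.sha1()
    md.update(struct.pack(">I", len(aes_key)))   # length prefix
    md.update(aes_key)
    md.update(hmac_key)
    return md.digest()[:KEY_HASH_SIZE]


def make_header(key_hash: bytes) -> bytes:
    """Header that precedes the ciphertext: version byte followed by the key hash."""
    return bytes([FORMAT_VERSION]) + key_hash


def candidate_keys(keyset: dict, message: bytes) -> list:
    """Return every key whose stored hash matches the header.
    A 4-byte hash can collide, so all matches are returned and the
    caller tries each of them in turn instead of trusting the first."""
    if len(message) < HEADER_SIZE or message[0] != FORMAT_VERSION:
        raise ValueError("bad or truncated Keyczar header")
    wanted = message[1:HEADER_SIZE]
    return [k for k in keyset.values() if k["hash"] == wanted]


def audit_keyset(keyset: dict) -> dict:
    """Recompute each key's hash and report the versions whose stored hash
    disagrees with the reference computation (the interop problem)."""
    bad = {}
    for version, k in keyset.items():
        expected = aes_key_hash(k["aes_key"], k["hmac_key"])
        if expected != k["hash"]:
            bad[version] = {"stored": k["hash"].hex(), "expected": expected.hex()}
    return bad


def build_sample_keyset() -> dict:
    """Constructed sample keyset with one key of each AES size (not real keys)."""
    keyset = {}
    for version, size in enumerate((16, 24, 32), start=1):
        aes_key = bytes((version * 31 + i) % 256 for i in range(size))
        hmac_key = bytes((version * 17 + i) % 256 for i in range(32))
        keyset[version] = {"aes_key": aes_key, "hmac_key": hmac_key,
                           "hash": aes_key_hash(aes_key, hmac_key)}
    return keyset


def simulate_mismatch(keyset: dict) -> dict:
    """Copy the keyset and give the 256-bit key (version 3) a hash computed
    without the length prefix. This stands in for an implementation that
    diverges for keys longer than 128 bits; it is illustrative only."""
    broken = {v: dict(k) for v, k in keyset.items()}
    k = broken[3]
    k["hash"] = hashlib.sha1(k["aes_key"] + k["hmac_key"]).digest()[:KEY_HASH_SIZE]
    return broken


if __name__ == "__main__":
    good = build_sample_keyset()
    broken = simulate_mismatch(good)
    # A message written by a conforming implementation with the 256-bit key
    # is found in the good keyset but not in the divergent one.
    msg = make_header(good[3]["hash"]) + b"<iv+ciphertext+sig>"
    print("conforming keyset candidates:", len(candidate_keys(good, msg)))
    print("divergent keyset candidates:", len(candidate_keys(broken, msg)))
    print("audit of divergent keyset:", audit_keyset(broken))
```

Running `audit_keyset` over a keyset exported from one implementation, with the hash recomputed by another, is the quickest way to confirm whether a given key size round-trips before relying on cross-language decryption.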
