Status of v3.1 and v4.0 data format implementations?

36 views
Skip to first unread message

Curtis Farnham

unread,
Mar 6, 2017, 12:36:06 PM3/6/17
to rncryptor
Hi everyone,

Curtis here, the maintainer of RNCryptor-PHP.  This question might mainly be for Rob Napier, but others might have an answer too. What is the status of the v3.1 and v4.0 data formats in terms of implementations?  He introduced these drafts a long time ago, but I just looked at the Readme files for all the different implementations and I don't see anyone mentioning 3.1 or 4.0.  Do we have any libraries that support them, and I just missed it?  Or are there any implementations being developed just not released yet?

I ask because I just released a major code refresh for RNCryptor-PHP today, and while this project has my attention I am considering adding support for these latest two specs.  But if these specs have been abandoned, I will devote my time to other projects. ;-)

Thanks,
Curtis

Rob Napier

unread,
Mar 6, 2017, 8:11:51 PM3/6/17
to rncr...@googlegroups.com, Robert Vaessen
Nothing supports 3.1 or 4.0. I will almost certainly never implement 3.1 (it was meant as a kind of "stop-gap" before moving to 4, but that's unnecessary). I've long considered implementing v4, but the current draft needs a few modifications, and while it adds some nice features, there really hasn't been a strong demand for them (versus video-encryption, which does not require a new format, and which Robert Vassen has started investigating).

If you're interested in pushing forward on a v4 implementation, I'd be happy to fix up the spec with the feedback I've received so it's in a place to implement. The changes are pretty minor. My great fear in actually moving forward on it is that it would lead to v4 encryptions that only can be decrypted by about half the implementations. So I'd be interested to see how many others are interested in pursuing v4.

The two big features are:

* You can quickly determine if the password is correct without decrypting the entire file
* You can tune the number of PBKDF2 iterations, which makes it possible to interoperate with JavaScript (which is too slow otherwise).

-Rob


--
You received this message because you are subscribed to the Google Groups "rncryptor" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rncryptor+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/rncryptor.
For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages