Difference between revisions of "Talk:XTEA Strong Encryption Implementation"

From Second Life Wiki
Jump to: navigation, search
 
Line 1: Line 1:
 
Discuss amongst yourselves:
 
Discuss amongst yourselves:
 +
 +
From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using [[llMD5String]] to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about [http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Block_cipher_modes_of_operation]. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. [[User:Thomas Shikami|Thomas Shikami]] 02:38, 20 October 2007 (PDT)

Revision as of 02:38, 20 October 2007

Discuss amongst yourselves:

From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using llMD5String to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about Block_cipher_modes_of_operation. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. Thomas Shikami 02:38, 20 October 2007 (PDT)