Difference between revisions of "Talk:XTEA Strong Encryption Implementation"

From Second Life Wiki
Jump to navigation Jump to search
Line 2: Line 2:


From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. Even using RC4 would be more secure. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using [[llMD5String]] to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about [http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Block_cipher_modes_of_operation]. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. [[User:Thomas Shikami|Thomas Shikami]] 02:38, 20 October 2007 (PDT)
From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. Even using RC4 would be more secure. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using [[llMD5String]] to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about [http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Block_cipher_modes_of_operation]. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. [[User:Thomas Shikami|Thomas Shikami]] 02:38, 20 October 2007 (PDT)
It should be noted that XTEA's chr & ord functions are wrong. -- [[User:Strife Onizuka|Strife Onizuka]] 23:53, 6 December 2007 (PST)

Revision as of 23:53, 6 December 2007

Discuss amongst yourselves:

From a perspective of security, using the XTEA encryption like this in Electronic CodeBook mode is very insecure. There is no authenticity and patterns could be recognized. Even using RC4 would be more secure. I recommend developing at least one of the operation modes like OFB and using that together with XTEA and using a nonce that is used really once for each pass and never used again. Also I recommend using llMD5String to add a hash, that is encrypted together with the data for authentication. A reference can be found at the wikipedia article about Block_cipher_modes_of_operation. Most of time when you are looking for encrytion, you are really looking for authentification of messages. There llMD5String comes in handy. Thomas Shikami 02:38, 20 October 2007 (PDT)

It should be noted that XTEA's chr & ord functions are wrong. -- Strife Onizuka 23:53, 6 December 2007 (PST)