One thing to think about is making sure your scheme isn't vulnerable to truncation attacks.<br><br><div>Alex</div><br><div class="gmail_quote">On Thu Nov 20 2014 at 9:11:23 AM Paul Kehrer <<a href="mailto:paul.l.kehrer@gmail.com">paul.l.kehrer@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Stefan,</div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">We’ve talked in the past about a recipe for file encryption. The general consensus has been that the project would prefer to implement an existing spec rather than creating one so for now I’m afraid creating your own is probably the “best” path unless you’re familiar with a standardized format that does this?</div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">If you do choose to implement your own I’d suggest implementing it on top of Fernet using a frame* size that you consider to be a good trade off between ciphertext length per frame and the size of the HMAC. Ideally a spec similar to <a href="https://github.com/fernet/spec" target="_blank">https://github.com/fernet/spec</a> could come out of it.</div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">-Paul Kehrer</div> <div><br></div>* I’ve been using frame when talking about this type of encryption to avoid confusing it with the native block size of a block cipher, but record (like a TLS record) would be equally descriptive.</div><div style="word-wrap:break-word"><br><p style="color:#000">On November 20, 2014 at 6:27:07 AM, Stefan Pochmann (<a href="mailto:stefan.pochmann@gmail.com" target="_blank">stefan.pochmann@gmail.com</a>) wrote:</p> <blockquote type="cite"><span><div><div></div><div>
<div dir="ltr">I like the Fernet recipe, but I'd like a better
recipe for files. One that doesn't want the entire message at once
(bad for big files) and that doesn't bloat with base64. Should I do
it myself with "hazardous materials" (I might adapt the Fernet
code) or will you maybe add such a recipe soon?
<div><br></div>
<div>Something like this maybe:</div>
<div><br></div>
<div>
<div>f = SomethingLikeFernetButForFiles(key)</div>
<div>for block in f.encrypt(filename, blocksize):</div>
<div> myhandling(block)</div>
<div><br></div>
<div>Or with a handler parameter:</div>
<div><br></div>
<div>f = SomethingLikeFernetButForFiles(key)</div>
<div>f.encrypt(filename, blocksize, myhandling)</div>
</div>
<div><br></div>
<div>Stefan</div>
</div>
_______________________________________________
<br>Cryptography-dev mailing list
<br><a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a>
<br><a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a>
<br></div></div></span></blockquote></div>______________________________<u></u>_________________<br>
Cryptography-dev mailing list<br>
<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/<u></u>mailman/listinfo/cryptography-<u></u>dev</a><br>
</blockquote></div>