[Cryptography-dev] Recipe for files?
Alex Gaynor
alex.gaynor at gmail.com
Thu Nov 20 18:13:53 CET 2014
One thing to think about is making sure your scheme isn't vulnerable to
truncation attacks.
Alex
On Thu Nov 20 2014 at 9:11:23 AM Paul Kehrer <paul.l.kehrer at gmail.com>
wrote:
> Stefan,
>
> We’ve talked in the past about a recipe for file encryption. The general
> consensus has been that the project would prefer to implement an existing
> spec rather than creating one so for now I’m afraid creating your own is
> probably the “best” path unless you’re familiar with a standardized format
> that does this?
>
> If you do choose to implement your own I’d suggest implementing it on top
> of Fernet using a frame* size that you consider to be a good trade off
> between ciphertext length per frame and the size of the HMAC. Ideally a
> spec similar to https://github.com/fernet/spec could come out of it.
>
> -Paul Kehrer
>
> * I’ve been using frame when talking about this type of encryption to
> avoid confusing it with the native block size of a block cipher, but record
> (like a TLS record) would be equally descriptive.
>
> On November 20, 2014 at 6:27:07 AM, Stefan Pochmann (
> stefan.pochmann at gmail.com) wrote:
>
> I like the Fernet recipe, but I'd like a better recipe for files. One that
> doesn't want the entire message at once (bad for big files) and that
> doesn't bloat with base64. Should I do it myself with "hazardous materials"
> (I might adapt the Fernet code) or will you maybe add such a recipe soon?
>
> Something like this maybe:
>
> f = SomethingLikeFernetButForFiles(key)
> for block in f.encrypt(filename, blocksize):
> myhandling(block)
>
> Or with a handler parameter:
>
> f = SomethingLikeFernetButForFiles(key)
> f.encrypt(filename, blocksize, myhandling)
>
> Stefan
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20141120/b45bbbc4/attachment.html>
More information about the Cryptography-dev
mailing list