pomerium/internal/cryptutil/README.md
2019-01-02 12:13:36 -08:00

Generating random seeds

In order of preference:

  • head -c32 /dev/urandom | base64
  • openssl rand -base64 32 | head -c 32 | base64

Encrypting data

TL;DR -- Nonce reuse is a problem, and no single AEAD is a clear choice right now.

Miscreant

  • AES-GCM-SIV seems to have ideal properties
  • Nonce-misuse resistant, so random nonces are safe to use

nacl/secretbox

  • Fast
  • XSalsa20 with a Poly1305 MAC provides encryption and authentication together
  • A newer standard that may not be considered acceptable in environments requiring high levels of review. Maintained as a golang.org/x/ package, which is both a plus and a minus
  • Doesn't implement the standard library's cipher.AEAD interface

GCM with random nonces

  • Fastest
  • Go standard library, supported by Google
  • Easy to get wrong
  • IV (nonce) reuse is a known weakness, so keys must be rotated before the birthday bound is reached. NIST SP 800-38D recommends using the same key with random 96-bit nonces (the default nonce length) no more than 2^32 times
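
The "GCM with random nonces" option above, written out as an added example (not the pomerium code): each message gets a fresh 96-bit nonce from crypto/rand, the nonce is prepended to the ciphertext, and a per-key counter refuses further seals once the 2^32 budget from NIST SP 800-38D is spent. The names Cipher, NewCipher, MaxSealsPerKey and ErrKeyExhausted are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
	"sync/atomic"
)

// MaxSealsPerKey is the NIST SP 800-38D bound for random 96-bit nonces: 2^32.
const MaxSealsPerKey = 1 << 32

var ErrKeyExhausted = errors.New("cryptutil: 2^32 seals reached, rotate key")

// Cipher (hypothetical name) is AES-GCM with a random nonce per message plus a usage counter.
type Cipher struct {
	aead  cipher.AEAD
	seals uint64 // Seal calls performed with this key
}

// NewCipher takes a 16-, 24- or 32-byte AES key.
func NewCipher(key []byte) (*Cipher, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Cipher{aead: aead}, nil
}

// Encrypt returns nonce || ciphertext || tag; once the budget is spent it refuses, since a repeated nonce under GCM leaks the authentication key.
func (c *Cipher) Encrypt(plaintext []byte) ([]byte, error) {
	if atomic.AddUint64(&c.seals, 1) > MaxSealsPerKey {
		return nil, ErrKeyExhausted
	}
	nonce := make([]byte, c.aead.NonceSize()) // 12 bytes by default
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt splits off the nonce and verifies the tag before returning plaintext.
func (c *Cipher) Decrypt(data []byte) ([]byte, error) {
	n := c.aead.NonceSize()
	if len(data) < n+c.aead.Overhead() {
		return nil, errors.New("cryptutil: ciphertext too short")
	}
	return c.aead.Open(nil, data[:n], data[n:], nil)
}
```

The counter is the only thing standing between this code and the birthday problem, so in a real service it belongs in whatever state survives restarts, or the key should simply be rotated on a schedule well inside the bound.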

Further reading on tradeoffs: