
Just 'Implement AES' Is Very Bad Advice

When there is a need to use symmetric encryption (i.e., encryption where two or more parties share the same key, which is used both to encrypt and to decrypt), the most popular algorithm that comes to mind is the Advanced Encryption Standard (AES). So the security requirement handed to developers for protecting data with symmetric encryption should be 'just implement AES', right? Well, you couldn't be more wrong.

AES has lots of modes of operation [1][2], which are algorithms in their own right, and one has to be selected before AES can be used. ProTip: don't use ECB mode. Should the key length be 128 bits or 256 bits? And what about the padding scheme? So, you've generated an IV. Was it generated using a cryptographically secure random number generator?

These are some of the possible questions regarding an AES implementation. But it doesn't stop there. Once you've decided on the settings, you have to begin the implementation. Picking the easiest snippet of code from Stack Overflow may not be the most secure implementation or may not use the most popular/trusted security library. ProTip: look for libsodium.

Furthermore, there are variations between the APIs of security libraries.

To give you an example: when using AES-GCM in Ruby/Node.js, the expected output from an encryption function is the ciphertext, the IV, and a tag. But when doing the same procedure in Java, the default library outputs the ciphertext and IV only. So where's the tag? It's concatenated with the ciphertext, so the real output is (ciphertext + tag) and IV.
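The layout difference described above, as an added Node.js example that is not code from the original post: it converts between the three-part output and the Java-style (ciphertext + tag) blob. The function names, the 16-byte tag and the 12-byte IV are assumptions that both sides would have to agree on.

```javascript
const crypto = require('crypto');

const TAG_LEN = 16; // bytes (128-bit tag); assumed to be configured the same on the Java side
const IV_LEN = 12;  // bytes (96-bit IV), the usual choice for GCM

// Node-style encryption: ciphertext, IV and tag come back as three separate values.
function encryptGcm(key, plaintext) {
  const iv = crypto.randomBytes(IV_LEN); // fresh CSPRNG IV for every message under a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ciphertext, iv, tag: cipher.getAuthTag() };
}

// Java-style layout: the tag is appended to the ciphertext, the IV travels separately.
function toJavaLayout({ ciphertext, iv, tag }) {
  return { blob: Buffer.concat([ciphertext, tag]), iv };
}

// Split a Java-style blob back into the parts Node's decipher expects.
function fromJavaLayout({ blob, iv }) {
  if (blob.length < TAG_LEN) throw new Error('blob is shorter than the GCM tag');
  const cut = blob.length - TAG_LEN;
  return { ciphertext: blob.subarray(0, cut), iv, tag: blob.subarray(cut) };
}

// Decrypt and authenticate; final() throws if the tag does not verify,
// so no plaintext is returned for a modified or mis-split message.
function decryptGcm(key, { ciphertext, iv, tag }) {
  if (tag.length !== TAG_LEN) throw new Error('unexpected tag length');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample input: random key, made-up message.
const demoKey = crypto.randomBytes(32);
const demoMsg = Buffer.from('constructed sample message');
const demoJava = toJavaLayout(encryptGcm(demoKey, demoMsg));
console.log('Java-style blob is', demoJava.blob.length - demoMsg.length, 'bytes longer than the plaintext');
console.log('round trip:', decryptGcm(demoKey, fromJavaLayout(demoJava)).toString());
```

Feeding the whole Java blob to Node as ciphertext without splitting off the tag fails authentication rather than decrypting, which is the symptom to look for when the two sides disagree on layout.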

You only discover information like this after researching for a while. And the problem is that only a small minority of developers work heavily with encryption, so the documentation on the Internet is not mature enough, I'd say. It's easy to misunderstand how an algorithm like AES works even at the API level, let alone to implement it.

If you, as a security engineer, want to roll out a security requirement, please make sure to include all the information needed to make the implementation go as smoothly as it should.

That's all for today. Thank you.
