
Just 'Implement AES' Is Very Bad Advice

When there is a need to use symmetric encryption (i.e., encryption where two or more parties share the same key, which is used to encrypt or decrypt), the most popular algorithm that comes to mind is the Advanced Encryption Standard (AES). So the security requirement handed to developers for securing data with symmetric encryption should be 'just implement AES', right? Well, you could not be more wrong.

AES has lots of modes of operation [1][2], which are algorithms themselves, and one needs to be selected before use. ProTip: don't use ECB mode. Key length of 128 bits or 256 bits? And what about the padding scheme? So you've generated an IV. Was it generated using a cryptographically secure random library?

These are some of the possible questions regarding an AES implementation. But it doesn't stop there. Once you've decided on the settings, you have to begin the implementation. Picking the easiest snippet of code from Stack Overflow may not give you the most secure implementation, and it may not use the most popular / trusted security library. ProTip: look for libsodium.

Furthermore, there are variations between the APIs of security libraries.

To give you an example: when using AES GCM in Ruby/NodeJS, the expected output from an encryption function would be ciphertext, IV and a tag. But when doing the same procedure using Java, the default library outputs ciphertext and IV only. So where's the tag? It's concatenated with the ciphertext, thus the real output is (ciphertext + tag) and IV.
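The layout difference described above, as an added example that is not part of the original post: it encrypts with Node's built-in `crypto` module, then converts to and from the (ciphertext + tag) layout. The helper names and the 128-bit tag length on the Java side are assumptions made for the illustration.

```javascript
// Added example (not from the original post): AES-256-GCM with Node's crypto
// module, plus helpers to convert to and from the (ciphertext + tag) layout.
const crypto = require('crypto');

const TAG_LEN = 16; // bytes; assumption: the Java side uses a 128-bit GCM tag
const IV_LEN = 12;  // bytes; 96-bit IV, the size GCM is designed around

// Node/Ruby style: ciphertext, IV and tag come back as three separate values.
function encryptGcm(key, plaintext) {
  const iv = crypto.randomBytes(IV_LEN); // CSPRNG; never reuse an IV under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ciphertext, iv, tag: cipher.getAuthTag() };
}

// Java style: the encryption output is ciphertext || tag, with the IV kept apart.
function toJavaLayout({ ciphertext, tag }) {
  return Buffer.concat([ciphertext, tag]);
}

// Split a Java-style blob back into the two parts Node's decipher expects.
function fromJavaLayout(blob) {
  if (blob.length < TAG_LEN) throw new Error('blob is shorter than the GCM tag');
  return {
    ciphertext: blob.subarray(0, blob.length - TAG_LEN),
    tag: blob.subarray(blob.length - TAG_LEN),
  };
}

// Decrypts and authenticates; final() throws if the tag does not verify.
function decryptGcm(key, iv, ciphertext, tag) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample input: a random demo key and a made-up message.
const demoKey = crypto.randomBytes(32);
const sealed = encryptGcm(demoKey, Buffer.from('constructed sample message'));
const javaBlob = toJavaLayout(sealed);
const parts = fromJavaLayout(javaBlob);
console.log(decryptGcm(demoKey, sealed.iv, parts.ciphertext, parts.tag).toString());
```

If the receiving side passes the whole Java-style blob as ciphertext without splitting off the tag, authentication fails, which is the interoperability trap the paragraph describes.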

Information like this you only discover after researching for a while. And the problem is that only a small minority of developers work with encryption heavily, so the documentation on the Internet is not mature enough, I'd say. It's easy to misunderstand how an algorithm like AES works even at the API level, let alone implement it.

In case you, as a security engineer, want to roll out a security requirement, please make sure to include all the information needed for the implementation to go as smoothly as it should.

That's all for today. Thank you.
