Use an AEAD cipher instead of AES-CBC + HMAC-SHA1 #50

Closed
DemiMarie opened this issue Jun 9, 2016 · 3 comments

@DemiMarie

DemiMarie commented Jun 9, 2016

cookie-rs currently uses AES-256-CBC and then HMAC-SHA1 in encrypt-then-MAC. This is secure, since AES-256-CBC and HMAC-SHA1 are both individually secure and because they are used in encrypt-then-MAC.

However, neither AES-256-CBC nor HMAC-SHA1 is fast, even when AES is hardware accelerated (due to the serial nature of CBC mode). ChaCha20-Poly1305 is much faster.

Again, cookie-rs's current crypto is not insecure, just slow.

@alexcrichton
Collaborator

Ideally this'd actually be configurable rather than only hardcoding one and calling it a day, but I'm somewhat hesitant to deviate away from the source of this, Rails, which is probably much more experienced than I :)

@frewsxcv
Contributor

frewsxcv commented Jan 8, 2017

Opened a PR: #68.

@briansmith
Contributor

There's another PR for this: #76.
