Secure Multi-Party Data Classification System

Discussion in 'privacy technology' started by n33m3rz, Sep 12, 2009.

Thread Status:
Not open for further replies.
  1. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    This grew from the secure forum thread. It is currently being developed by professionals, but I would appreciate any feedback or advice. Help us get it right the first time!
     

    Attached Files:

    Last edited by a moderator: Sep 12, 2009
  2. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    (This probably doesn't matter much, in reality, so this is going on principle alone.) It doesn't make much sense to advocate the use of Whirlpool while steering away from Rijndael. They're both based on the wide trail strategy, which is still a viable means of secure block cipher design. Furthermore, Whirlpool is facing its own set of issues these days, with rebound attacks, which are a type of differential attack on block cipher-based hash functions. I'd be curious to know why Whirlpool got the thumbs up, but Rijndael didn't. Security margins aren't conclusive; it's easy to show a metric for which Rijndael's round function achieves full diffusion faster than that of Serpent.

    Rijndael is receiving more cryptanalytical attention than any other block cipher, which makes a big difference when it comes to fielding primitives. Besides, the recent attacks need to be considered within context. It's a matter of redesigning the key schedule to better resist these related-key attacks -- a class of attacks which weren't really taken into account as opposed to other classes of attacks. It would suffice to say that oftentimes, the design requirements for key schedules are less ambitious than other components within a block cipher, with efficiency and performance at the forefront. Overall, I see no reason to toss Rijndael to the side because of these attacks.

    Has any thought been given to a composite scheme (e.g., AES-CTR-then-CMAC-AES) for ensuring the confidentiality and integrity of data?

    Although I haven't read everything yet, it seems like a bit of thought has gone into this design, and the goal of keeping things transparent is certainly a good one, and a hallmark of good security. Once I find the time to read it, I'll get back comments.
     
  3. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    This is my fault for using Whirlpool in the example of how passwords are traditionally stored server-side, but we actually decided to go with SHA-512 for this system. Although we are also using SHA-1 for data integrity.
     
    Last edited: Sep 13, 2009