[144877] in cryptography@c2.net mail archive
Re: Detecting attempts to decrypt with incorrect secret key in OWASP ESAPI
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Fri Sep 18 11:31:50 2009
From: "Joseph Ashwood" <ashwood@msn.com>
To: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Cc: <cryptography@metzdowd.com>
In-Reply-To: <4AB174C7.7060901@gmail.com>
Date: Fri, 18 Sep 2009 00:17:33 -0700
--------------------------------------------------
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Subject: Re: Detecting attempts to decrypt with incorrect secret key in
OWASP ESAPI
> So given these limited choices, what are the best options to the
> questions I posed in my original post yesterday? As Peter mentioned, we
> want to give web app developers something that will work out-of-the-box.
It isn't difficult to implement CMAC and CTR modes in pure Java. The NIST
specs for CMAC and CTR are plenty clear. You'll be looking for the
AES/ECB/NoPadding option. From there use update it returns a byte []. I've
used the standard JCE implementation in this way to implement unsupported
modes before, it works.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
