I've been using the Crypto++ library for a while and now I need to give some serious thought on what's the best way to implement a secure and efficient transmission of data in my app. I would really appreciate any comments and thoughts, even new ideas, as I'm relatively new to encryption.
I have two programs, written in C++ and MFC, which run simultaneously. One sends audio (UDP), and the other one sends data (TCP). Everything is transmitted over the Internet, between two points. I want to implement AES 256-bit encryption to secure this transmission.

*Point 1: Mode of operation*

I've been looking at the different modes of operation for block ciphers, and I'm not sure which one best suits my needs, although I believe I have a basic idea. I think cipher feedback (CFB) could be a good choice, because:

1) it's secure (i.e. not like ECB)
2) no padding is needed (saves bandwidth)
3) makes the block cipher self-synchronizing

I think number 3 is a critical feature because of the nature of the program. AFAIK, when using UDP, if a packet is lost then it's not retransmitted. This may have an impact on the mode being used if it relies on an Initializing Vector (as CFB does), because you cannot assure you'll get every packet of the sequence. If it wasn't self-synchronizing then this would be a problem, right? How could I solve that? I've read you cannot repeatedly use the same IV because it's not secure (as I understand it, the essence of the IV is that it changes during the encryption/decryption process).

*Point 2: Crypto++ linked statically, multiple encryptor/decryptor objects, crashes*

In a previous implementation I did, I had the following configuration:

Class MyCrypto, which is based on Crypto++. This class has one encryptor and one decryptor object (AES, CFB).
Program A: one MyCrypto object.
Program B: one MyCrypto object.

Both programs run at the same time, encrypting/decrypting data sent/received over the Internet. As I've mentioned before, one takes care of the audio and the other one takes care of some other data. For some reason, this configuration made one of the programs crash. As a workaround, I added a mutex to assure mutually exclusive encryption/decryption operations for both programs, and the problem went away.

I think the reason might be that both objects relied on some shared structure/data used within Crypto++, but I'm not sure. Can any of you confirm this theory? Please let me know if you need more details on this, as it'd be great to get rid of the mutex code, if possible.

I know the scenario is not the simplest one, so don't hesitate to ask for more details.

Thanks,
Walt.
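
The self-synchronizing behaviour raised in Point 1, as an added example that is not part of the original post and does not use Crypto++. `toy_block` is a constructed, insecure stand-in for the AES forward transform, and every name, the key and the IV are made up for the demo. It goes one step beyond the post: with one running decryptor, full-block CFB recovers after a lost datagram only when the lost span is a whole number of cipher blocks.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

using Bytes = std::vector<uint8_t>;
constexpr size_t BLOCK = 8;  // toy block size in bytes (AES uses 16)

// Constructed stand-in for the AES forward transform: a keyed 64-bit mixer.
// NOT a secure cipher. CFB only calls the cipher in the forward direction,
// so this is enough to show how the mode behaves.
uint64_t toy_block(uint64_t key, uint64_t x) {
    x ^= key;
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

// Full-block CFB: the feedback register holds the previous ciphertext block.
Bytes cfb(uint64_t key, uint64_t iv, const Bytes& in, bool decrypt) {
    Bytes out(in.size());
    uint64_t reg = iv;
    for (size_t off = 0; off < in.size(); off += BLOCK) {
        uint64_t ks = toy_block(key, reg), next = 0;
        size_t n = std::min(BLOCK, in.size() - off);
        for (size_t i = 0; i < n; ++i) {
            out[off + i] = in[off + i] ^ uint8_t(ks >> (8 * i));
            uint8_t c = decrypt ? in[off + i] : out[off + i];  // ciphertext byte
            next |= uint64_t(c) << (8 * i);
        }
        reg = next;
    }
    return out;
}

// Encrypt a 64-byte stream, drop `len` ciphertext bytes at block-aligned
// offset `at` (a lost datagram), and decrypt what arrives with one running
// decryptor. Returns how many bytes after the gap pass before the output is
// correct through to the end of the stream.
size_t bytes_until_resync(size_t at, size_t len) {
    const uint64_t key = 0x0123456789abcdefULL, iv = 0x1122334455667788ULL;  // constructed
    Bytes pt(64);
    for (size_t i = 0; i < pt.size(); ++i) pt[i] = uint8_t('A' + i % 26);
    Bytes ct = cfb(key, iv, pt, false);
    ct.erase(ct.begin() + at, ct.begin() + at + len);  // bytes lost in transit
    pt.erase(pt.begin() + at, pt.begin() + at + len);  // what the receiver should see
    Bytes got = cfb(key, iv, ct, true);
    size_t last_bad = at;
    for (size_t i = at; i < got.size(); ++i)
        if (got[i] != pt[i]) last_bad = i + 1;
    return last_bad - at;
}
```

`bytes_until_resync(16, 16)` stays within one block of garbled output, while `bytes_until_resync(16, 13)` stays garbled for the rest of the stream, because the receiver's block boundaries no longer line up with the sender's.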
