I'd prefer AES-256/GCM always, because either you have a hash function with
512 bits output and hence some tolerance for 256-bit keys
or for password derivation you have always something like scrypt/ argon/
PHC winner/ PBKDF2 and hence can chose arbitrary derived key lengths.
I'd see no reason to choose AES-128 over AES-256 (except for maybe speed
but that's negligible with AES)
BR
JPM
Am Montag, 23. Februar 2015 17:41:13 UTC+1 schrieb Ilya Bizyaev:
>
> OK, the header now looks like this:
> ----------------------------------------------------
> struct Entangle_Header {
> char salt[64];
> ............. /*More if needed*/
> /* ----- Format ----- */
> uint16_t prog_version; /* Header format version */
> uint64_t file_size; /* size of original file */
> byte keys[32]; /* AES-256 key storage area */
> ............. /*More data for GCM if needed*/
> }
> ----------------------------------------------------
> And what about encrypting the header with AES-128/GCM and the very file
> with AES-256/GCM? That seems to be quite secure for the file and simple for
> the user (16 char key).
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
