PAPERBACK v1.10 Stable
Released 2024-10-30 13:38:01 +09:00 | 4 commits to main since this release

PaperBack version 1.00 does not implement AES encryption properly. Specifically:
a) The key used for (en|de)cryption in version 1.00 provides at most an effective key strength of less than 50 bits (and likely far less, perhaps on the order of 15-25 bits, depending on password quality) instead of the expected 256 bits. Version 1.10 derives the encryption key from the password via key stretching, significantly improving key strength. This change causes a small delay in the encryption step.
b) PaperBack version 1.0 implements ECB mode symmetric encryption. This mode is subject to a watermark attack and leaks information about the encrypted data. Version 1.10 changes the encryption mode to CBC, which mitigates this attack.
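The leak described in item b), shown as an added example that is not PaperBack's code. XTEA stands in for AES so the block is self-contained (the mode behaviour does not depend on the cipher). The key, IV, plaintext and all function names are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 8 /* XTEA block size in bytes (AES blocks are 16) */
static const uint32_t KEY[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u}; /* constructed */
static const uint32_t IV[2] = {0x3c915e07u, 0xd248bb6au}; /* constructed; must be random in real use */

/* XTEA block encryption, 32 rounds. Stand-in for AES, not PaperBack's cipher. */
static void xtea_encrypt(uint32_t v[2], const uint32_t key[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* cbc=0: ECB, blocks independent. cbc=1: CBC, XOR with previous ciphertext block (IV first). */
static void encrypt_blocks(const uint8_t *in, uint8_t *out, size_t n, int cbc) {
    uint32_t v[2], prev[2] = {IV[0], IV[1]};
    for (size_t b = 0; b < n; b++) {
        memcpy(v, in + b * BLK, BLK);
        if (cbc) { v[0] ^= prev[0]; v[1] ^= prev[1]; }
        xtea_encrypt(v, KEY);
        memcpy(out + b * BLK, v, BLK);
        prev[0] = v[0]; prev[1] = v[1];
    }
}

static int repeated_blocks(const uint8_t *ct, size_t n) { /* visible without the key */
    int dup = 0; /* number of ciphertext blocks equal to an earlier block */
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if (!memcmp(ct + i * BLK, ct + j * BLK, BLK)) { dup++; break; }
    return dup;
}

static int demo(int cbc) { /* constructed plaintext: 15 all-zero blocks, one distinct */
    uint8_t pt[16 * BLK] = {0}, ct[16 * BLK];
    memcpy(pt + 5 * BLK, "PAPERBAK", BLK);
    encrypt_blocks(pt, ct, 16, cbc);
    return repeated_blocks(ct, 16);
}

int main(void) {
    printf("repeated blocks: ECB %d, CBC %d\n", demo(0), demo(1));
    return 0;
}
```

With ECB, 14 of the 16 ciphertext blocks repeat an earlier block, so the layout of the plaintext shows through; with CBC none do.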
AES key length is now selectable in paperbak.h via AESKEYLEN. I suggest not using AES-256, as its key schedule is known to be substandard. See Bruce Schneier's website for details. For the moment I've switched PaperBack to use AES-192.
The included libraries are now packaged as binary .lib files. Instructions for rebuilding them from source are included in README.md from the PaperBack source code.
(Olly: mea maxima culpa. I am no cryptanalyst, and wrote Paperback quickly and without much thinking about the strength of the code. Btw, can this new release read old bitmaps?)