From f9f9687e8f00ae7821d85d90ad3bdbfc93d019d9 Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Tue, 21 Apr 2020 16:23:39 +0200 Subject: [PATCH] document future transition to AES-GCM-SIV as possibility Address Deltatar audit item 2.6/1: miscellaneous suggestions It would be great if we could add support for SIV but there are no immediate plans for doing so. --- deltatar/crypto.py | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/deltatar/crypto.py b/deltatar/crypto.py index 431466e..b3ab9bc 100755 --- a/deltatar/crypto.py +++ b/deltatar/crypto.py @@ -131,6 +131,13 @@ archives essentially consist of a stream of independent objects, the salt and other parameters may change. Thus a key derived using above method from the first object doesn’t necessarily apply to any of the subsequent objects. +Future Developments +------------------------------------------------------------------------------- + +As of 2020 with the format version 1, Deltatar encryption uses the AES-GCM mode +which requires meticulous bookkeeping of initialization vectors. A future +version could simplify this aspect of the encryption by switching to the more +recent AES-GCM-SIV mode (RFC 8452). """ import base64 -- 1.7.1
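Review bot: In the added "Future Developments" paragraph, "requires meticulous bookkeeping of initialization vectors" does not say what the bookkeeping guards against, and "could simplify this aspect" can be read as if AES-GCM-SIV did away with IVs altogether. Suggest stating the actual constraint, namely that with AES-GCM an IV must never repeat under the same key, and that AES-GCM-SIV (RFC 8452) still takes a nonce but is nonce misuse-resistant, so an accidental repeat is far less damaging. Since the paragraph ties AES-GCM to "format version 1", it would also help to say explicitly that such a switch would mean a new format version, so readers do not expect version 1 archives to change mode.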