You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+20-9Lines changed: 20 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,9 +9,19 @@
9
9
10
10
This project is based on the Rust crate `crypt_guard`. You can read more about the crate [here](https://crates.io/crates/crypt_guard).
11
11
12
-
### Pre-Release
12
+
### Stable Pre-Release
13
13
14
-
This is a pre-release version, currently lacking proper error handling. The foundation is already laid and will soon integrate improved error handling and additional security features. Despite this, by following the README and CLI help, you should not encounter major issues. Currently, the highest security key types (Kyber 1024, Falcon 1024, and Dilithium 5) have been tested.
14
+
This is a pre-release version which is stable but currently lacks proper error handling. The foundation is already laid and will soon integrate improved error handling and additional security features. Despite this, by following the README and CLI help, you should not encounter major issues. Currently, the highest security key types (Kyber 1024, Falcon 1024, and Dilithium 5) have been tested. Also tested is encryption with AES, AES_GCM_SIV, AES_CTR, XChaCha20, and XChaCha20Poly1305.
15
+
16
+
Note that basic AES uses ECB mode, which is the simplest mode of operation and is considered insecure because it encrypts each block of data independently. For better security, use AES_GCM_SIV or AES_CTR.
17
+
18
+
Regarding the differences between AES_CTR, AES_GCM_SIV, and XChaCha20Poly1305:
19
+
20
+
-**AES_CTR**: AES in Counter (CTR) mode is a symmetric key algorithm that provides confidentiality by turning a block cipher into a stream cipher. It requires careful management of the nonce to ensure security. Unlike ECB, it does not reveal data patterns, but without additional authentication, it only ensures confidentiality, not integrity. Therefore, it is recommended to pair it with an integrity check for added security.
21
+
22
+
-**AES_GCM_SIV**: AES in Galois/Counter Mode (GCM-SIV) combines both encryption and authentication, offering confidentiality and data integrity. GCM-SIV is designed to be nonce-misuse resistant, which means that even if a nonce is reused by mistake, it does not compromise security as badly as traditional GCM. It is particularly useful in situations where unique nonce management is difficult.
23
+
24
+
-**XChaCha20 vs XChaCha20Poly1305**: XChaCha20 focuses purely on encryption with a longer nonce, while XChaCha20-Poly1305 combines encryption with message authentication, making it a stronger choice for securing both the confidentiality and integrity of data.
**Please note that XChaCha20 returns a nonce that is not automatically saved and needs to be noted down!**
160
+
**Please note that each AES_GCM_SIV, AES_CTR, XChaCha20 and XChaCha20Poly1305 return a nonce that is not automatically saved and needs to be noted down!**
0 commit comments