Home
JAQForum Ver 24.01
Log In or Join  
Active Topics
Local Time 07:18 23 Dec 2024 Privacy Policy
Jump to

Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me.

Forum Index : Microcontroller and PC projects : Draft PicoMite 6.00.01 User Manual

     Page 9 of 9    
Author Message
thwill

Guru

Joined: 16/09/2019
Location: United Kingdom
Posts: 4066
Posted: 09:11am 18 Dec 2024
Copy link to clipboard 
Print this post

By no means my area of expertise, but for anything other than ECB don't you need a way of specifying an Initialisation Vector ?

... also ECB is not secure.

Best wishes,

Tom
Edited 2024-12-18 19:13 by thwill
Game*Mite, CMM2 Welcome Tape, Creaky old text adventures
 
twofingers
Guru

Joined: 02/06/2014
Location: Germany
Posts: 1303
Posted: 09:19am 18 Dec 2024
Copy link to clipboard 
Print this post

  thwill said  ... also ECB is not secure.

That's what I read too.
Michael
causality ≠ correlation ≠ coincidence
 
matherp
Guru

Joined: 11/12/2012
Location: United Kingdom
Posts: 9285
Posted: 09:24am 18 Dec 2024
Copy link to clipboard 
Print this post

There is an initialisation vector for CBC and CTR built into the firmware. I could expose this as an extra parameter but haven't thus far unless someone specifically has a requirement.
 
thwill

Guru

Joined: 16/09/2019
Location: United Kingdom
Posts: 4066
Posted: 09:27am 18 Dec 2024
Copy link to clipboard 
Print this post

  matherp said  There is an initialisation vector for CBC and CTR built into the firmware. I could expose this as an extra parameter but haven't thus far unless someone specifically has a requirement.


That's insecure, read the "Properties" section of https://en.wikipedia.org/wiki/Initialization_vector

Edit: ... trivially insecure given the IV is in public source code.

Best wishes,

Tom
Edited 2024-12-18 19:31 by thwill
Game*Mite, CMM2 Welcome Tape, Creaky old text adventures
 
matherp
Guru

Joined: 11/12/2012
Location: United Kingdom
Posts: 9285
Posted: 09:43am 18 Dec 2024
Copy link to clipboard 
Print this post

OK

Updated manual entry

  Quote  MATH AES128 ENCRYPT/DECRYPT CBC/ECB/CTR key$/key(), in$/in(), out$/out() [,iv$/iv()]
This command encrypts or decrypts the data in 'in' and puts the answer in 'out' using the AES128 encryption method specified
The parameters can each be either a string, integer array, or float array with any mix possible
The key must be 16 elements long (16*8=128bits)
in and out must be a multiple of 16 elements long.
In the case of out being specified as a string (e.g. out$). The string variable must exist and should be set to empty (DIM out$="")
The maximum number of elements in 'in' and 'out' is 256 when defined as arrays or 128 if one or other is defined as a string
For CBC and CTR encryption/decryption you can optionally specify an initialisation vector 'iv'. 'iv' must be 16 elements long (16*8=128bits)
 
twofingers
Guru

Joined: 02/06/2014
Location: Germany
Posts: 1303
Posted: 09:51am 18 Dec 2024
Copy link to clipboard 
Print this post

  matherp said  
  Quote  ...For CBC and CTR encryption/decryption you can optionally specify an initialisation vector 'iv'. 'iv' must be 16 elements long (16*8=128bits)

Sounds good to me. Interesting topic, although I won't actually use it, I guess?
Regards
Michael
causality ≠ correlation ≠ coincidence
 
twofingers
Guru

Joined: 02/06/2014
Location: Germany
Posts: 1303
Posted: 05:53pm 22 Dec 2024
Copy link to clipboard 
Print this post

Hi Geoff,
On page 80 of the manual I read:
DIM INTEGER Str1(MaxLen/8), Str2(MaxLen/8), Str3(MaxLen/8)

These will contain empty strings when created (ie, their length will be zero). When these variables are passed to the long string functions they should be entered as the variable name followed by empty brackets. For example:

LONGSTRING COPY Str1(), Str2()

Long string variables can be passed as arguments to user defined subroutines and functions. For example:

Sub MySub lstr() AS INTEGER
PRINT "Long string length is" LLEN(lstr())
END SUB

And it could be called like this:

MySub str1()

Wouldn't it make more sense if you wrote
Sub MySub str1() AS INTEGER
PRINT "Long string length is" LLEN(str1())
END SUB
?
Regards
Michael
causality ≠ correlation ≠ coincidence
 
     Page 9 of 9    
Print this page


To reply to this topic, you need to log in.

© JAQ Software 2024