What is the best algorithm (security and performance) for a storage server (WebDAV) programmed in php, to encrypt/decrypt different files (and sizes between 1Byte and 3GB)? AES256? And why? And which mcrypt mode should I use? (ECB?)
Asked
Active
Viewed 536 times
-1
-
Impossible to answer - security and performance are balanced according to your personal priorities. Best performance = no security. Tightest security = worst performance, or is very likely to be. – David M May 08 '12 at 13:45
-
@DavidM You shoulnd't have downvoted. He did say AES and file server. AES is not really that demanding in our days, especially for a web file server. Not to mention the newest CPU generations have AES hardware optimizations. – Tiberiu-Ionuț Stan May 08 '12 at 13:53
-
Er ... I didn't downvote. Why are you accusing me? – David M May 08 '12 at 13:58
-
@DavidM I was assuming, since there were 2 downvotes, and only one negativist commenter. I guess people don't leave reasons when downvoting anymore. – Tiberiu-Ionuț Stan May 08 '12 at 14:00
-
No, they often don't. It's plain rude. I try always to flag when I have done it and why. Nothing wrong with the question to deserve a downvote, my comment wasn't against the question but rather pointing out an issue with its aim. – David M May 08 '12 at 14:03
-
AES modes are debated here (mostly about security, not performance): http://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb/ – Tiberiu-Ionuț Stan May 08 '12 at 18:34
1 Answers
0
For security use CBC (it only differs on CPU performance, and CPU performance with AES in CBC mode is too fast even for the fastest drives).
Avoid ECB, it is really easy to break, especially with large datasets. If CBC mode is not available, first compress and XOR with a very long password, before using ECB.
Do you need on-the-fly decryption at random seek points? If yes, ignore the above, go with ECB, and write your file IO layer to decrypt from the start of each block. Keep in mind this is pretty bad for security (at least try to change the key based on a secret algorithm of yours for each block).
AES modes are debated here.
Community
- 1
- 1
Tiberiu-Ionuț Stan
- 5,033
- 5
- 34
- 61
-
-
Will my own experience with AES with some pretty paranoid security requirements applications, do? – Tiberiu-Ionuț Stan May 08 '12 at 13:56
-
Since encryption is basically maths, it won't hurt to prove or at least indicate why ECB is really easy to break. Just *saying* it is means nothing. Also, advising someone to write their own IO layer to decrypt from the start of each block is just silly, if you consider that the person in question probably isn't experienced with encryption, let alone with what each block is and how to write a file IO layer. It won't hurt if you expand your answer, include examples and experiences if possible. – N.B. May 08 '12 at 14:00
-
I am waiting for clarification on wether he needs seeking or not, before expanding my answer. – Tiberiu-Ionuț Stan May 08 '12 at 14:02
-
hmm so it's a webdav server, I don't think I need On-the-fly decryption. A file has to be decrypted only If I call a GET request on the file. CPU Perf: The webdav is for 1000-20'000 users so we need a big server anyway^^ I probably go with AES256 and CBC.... – raffis May 08 '12 at 14:19
-
And encrypted If a user uploads a new file, but that's the point, this process should not be dependent on the encryption process of the file. But we need also some security for 10'000 users :) – raffis May 08 '12 at 14:30
-
@raffis WebDAV supports the HTTP Accept-Ranges header (which means WebDAV clients might attempt to make use of it). If you decide not to suport range requests, make sure you advertise it by sending the "Accept-Ranges: none" header. – Tiberiu-Ionuț Stan May 08 '12 at 16:44