best encryption for large data stream?


Brennan-4

I'm implementing openssl on both the client and server side.  I've got the authentication down and need to start with encrypting the data.

First newbie question, do SSLread and SSLwrite perform encryption?

If not, I assume I've got to use the EVP library.

In either case, I'm sending large amounts of data in ~32K chunks.  What algorithm would work best in this scenario?

Thanks,
Brennan


Re: best encryption for large data stream?

Kyle Hamilton
The most secure algorithm that both the client and server support will
be automatically selected by the SSL/TLS negotiation for
authentication, encryption, and message verification.  To ensure this
is the case, use TLSv1_method, and SSL_CTX_set_ciphers("HIGH") on both
the client and server.

SSL_connect and SSL_accept will set up the encryption -- if they
return a SSL_WANT_READ or SSL_WANT_WRITE just go ahead and perform the
call again.  (This may be necessary with nonblocking I/O, especially
during the initial handshake, as the handshake determines the cipher,
the HMAC, and the keys used.)

Also, if you haven't been warned: MAKE SURE YOU SEED THE OPENSSL
LIBRARY FROM A TRULY RANDOM SOURCE.  /dev/random is your friend.
/dev/urandom is not. :)

-Kyle H

On 3/14/06, Brennan <[hidden email]> wrote:

>
>
> I'm implementing openssl on both the client and server side.  I've got the
> authentication down and need to start with encrypting the data.
>
> First newbie question, do SSLread and SSLwrite perform encryption?
>
> If not, I assume I've got to use the EVP library.
>
> In either case, I'm sending large amounts of data in ~32K chunks.  What
> algorithm would work best in this scenario?
>
> Thanks,
> Brennan
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: best encryption for large data stream?

dsf-2
In reply to this post by Brennan-4
> Brennan <[hidden email]>:
>
> I'm implementing openssl on both the client and server side.  I've got the
> authentication down and need to start with encrypting the data.
>
> First newbie question, do SSLread and SSLwrite perform encryption?
>
> If not, I assume I've got to use the EVP library.
>
> In either case, I'm sending large amounts of data in ~32K chunks.  What
> algorithm would work best in this scenario?
>
> Thanks,
> Brennan

RC4 I think.

Re: best encryption for large data stream?

Kyle Hamilton
I'd recommend AES or another block cipher, if he's sending it in
chunks like that.

Regardless, the highest-bit (and presumedly strongest) cipher will be
selected in any case, and the parameters determined by the TLS/SSL
handshake.

(There are some questions regarding the form of the data that would
change the answer: is there a structure to it?  Is there a specific
end-of-field/end-of-record/end-of-transmission boundary?  Are there
any known bytes within the plaintext?  Known-plaintext attacks are
almost as good as chosen-plaintext attacks against stream ciphers, and
possibly also block ciphers.)

Just whatever you do, avoid ECB mode for any block cipher.

-Kyle H

On 3/15/06, [hidden email] <[hidden email]> wrote:

> > Brennan <[hidden email]>:
> >
> > In either case, I'm sending large amounts of data in ~32K chunks.  What
> > algorithm would work best in this scenario?
> >
> > Thanks,
> > Brennan
> >
> >
> >
>
> RC4 I think.
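
Added example, not part of the thread: the last reply's questions about structure in the data and its advice to avoid ECB, shown on one 32K chunk of fixed-layout records. XTEA stands in for AES so the code needs no library; the key, IV, record layout and function names are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK   8u      /* XTEA block size in bytes (AES uses 16) */
#define CHUNK 32768u  /* one ~32K chunk, as in the thread */
/* XTEA, 32 cycles: a small public block cipher used here as a stand-in for AES. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    for (uint32_t i = 0, sum = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
    }
}

/* Encrypt buf in place: cbc=0 is ECB (blocks independent), cbc=1 chains from iv. */
static void encrypt_chunk(uint8_t *buf, const uint32_t k[4], int cbc, const uint8_t *iv) {
    const uint8_t *prev = iv;
    for (size_t off = 0; off < CHUNK; off += BLK) {
        uint32_t v[2];
        for (size_t i = 0; cbc && i < BLK; i++) buf[off + i] ^= prev[i];
        memcpy(v, buf + off, BLK);
        xtea_encrypt(v, k);
        memcpy(buf + off, v, BLK);
        prev = buf + off;  /* previous ciphertext block feeds the next one */
    }
}

/* Distinct ciphertext blocks for a constructed chunk: 1024 records of magic(8) | seq(8) | zero pad(16). */
size_t distinct_after_encrypt(int cbc) {
    static uint8_t buf[CHUNK];
    const uint32_t key[4] = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};  /* constructed */
    const uint8_t iv[BLK] = {0xa5, 0x3c, 0x19, 0xe7, 0x42, 0x8d, 0xf0, 0x6b};      /* fixed for the demo only */
    size_t distinct = 0;
    memset(buf, 0, CHUNK);
    for (uint64_t seq = 1; seq <= CHUNK / 32u; seq++) {
        memcpy(buf + (seq - 1) * 32u, "RECHDR01", 8);
        memcpy(buf + (seq - 1) * 32u + 8, &seq, 8);
    }
    encrypt_chunk(buf, key, cbc, iv);
    for (size_t i = 0, j; i < CHUNK / BLK; i++) {  /* quadratic scan is fine for 4096 blocks */
        for (j = 0; j < i && memcmp(buf + i * BLK, buf + j * BLK, BLK) != 0; j++) {}
        distinct += (j == i);
    }
    return distinct;
}

int main(void) {
    printf("ECB %zu, CBC %zu distinct blocks of %u\n", distinct_after_encrypt(0), distinct_after_encrypt(1), CHUNK / BLK);
    return 0;
}
```

Under ECB every repeated header and padding block encrypts to the same ciphertext block, so the record layout is visible without the key; chaining removes the repeats.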