The best crypto you've never heard of, brought to you by Phil Rogaway
Ruby implementation of Miscreant: Advanced symmetric encryption library which provides the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. These algorithms are easy-to-use (or rather, hard-to-misuse) and support encryption of individual messages or message streams.
AES-SIV provides nonce-reuse misuse-resistance (NRMR): accidentally reusing a nonce with this construction is not a security catastrophe, unlike it is with more popular AES encryption modes like AES-GCM. With AES-SIV, the worst outcome of reusing a nonce is an attacker can see you've sent the same plaintext twice, as opposed to almost all other AES modes where it can facilitate chosen ciphertext attacks and/or full plaintext recovery.
For more information, see the toplevel README.md.
Have questions? Want to suggest a feature or change?
Though this library is written by cryptographic professionals, it has not undergone a thorough security audit, and cryptographic professionals are still humans that make mistakes. Use this library at your own risk.
This library is tested against the following MRI versions:
Other Ruby versions may work, but are not officially supported.
Add this line to your application's Gemfile:
gem "miscreant"
And then execute:
$ bundle
Or install it yourself as:
$ gem install miscreant
The Miscreant::AEAD class provides the main interface to the AES-SIV
misuse resistant authenticated encryption function.
To make a new instance, pass in a binary-encoded 32-byte or 64-byte key. Note that these options are twice the size of what you might be expecting (AES-SIV uses two AES keys).
secret_key = Miscreant::AEAD.generate_key
encryptor = Miscreant::AEAD.new("AES-SIV", secret_key)
The Miscreant::AEAD#seal method encrypts a binary-encoded message along with
a set of associated data message headers.
It's recommended to include a unique "nonce" value with each message. This prevents those who may be observing your ciphertexts from being able to tell if you encrypted the same message twice. However, unlike other cryptographic algorithms where using a nonce has catastrophic security implications such as key recovery, reusing a nonce with AES-SIV only leaks repeated ciphertexts to attackers.
Example:
message = "Hello, world!"
nonce = Miscreant::AEAD.generate_nonce
ciphertext = key.seal(message, nonce)
The Miscreant::AEAD#open method decrypts a binary-encoded ciphertext with the
given key.
Example:
message = "Hello, world!"
nonce = Miscreant::AEAD.generate_nonce
ciphertext = key.seal(message, nonce)
plaintext = key.open(ciphertext, nonce)
We abide by the Contributor Covenant and ask that you do as well.
For more information, please see CODE_OF_CONDUCT.md.
Bug reports and pull requests are welcome on GitHub at https://github.com/miscreant/miscreant
Copyright (c) 2017 The Miscreant Developers. See LICENSE.txt for further details.
FAQs
Unknown package
We found that miscreant demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.