Documentation ¶
Overview ¶
Package pbenc implements memory-hard password-based encryption via STROBE using balloon hashing.
The protocol is initialized as follows, given a passphrase P, salt S, delta constant D, space parameter N_space, time parameter N_time, block size N_block, and MAC size N_mac:
INIT('veil.kdf.balloon', level=256) AD(LE_U32(D), meta=true) AD(LE_U32(N_block), meta=true) AD(LE_U32(N_mac), meta=true) AD(LE_U32(N_time), meta=true) AD(LE_U32(N_space), meta=true) KEY(P) AD(S)
Then, for each iteration of the balloon hashing algorithm, given a counter C, a left block L, and a right block R:
AD(LE_U64(C)) AD(L) AD(R) PRF(N)
The final block B_n of the balloon hashing algorithm is then used to key the protocol:
KEY(B_n)
Encryption of a message M is as follows:
SEND_ENC(M) SEND_MAC(T)
The ciphertext C and MAC T are returned.
Decryption of a ciphertext C and MAC T is as follows:
RECV_ENC(C) RECV_MAC(T)
If the RECV_MAC call is successful, the plaintext is returned.
It should be noted that there is no standard balloon hashing algorithm, so this protocol is in the very, very tall grass of cryptography and should never be used.
Index ¶
Constants ¶
const Overhead = internal.MACSize
Variables ¶
This section is empty.
Functions ¶
Types ¶
This section is empty.