CRYPTO NEWS

Chile Halts CBDC Plans Till End of 2022 for More Analysis

The Central Bank of Chile has postponed plans for a central bank digital currency (CBDC), claiming that the issuing of a digital Chilean peso necessitates a more thorough examination of the advantages and hazards, promising a fresh report by the end of the year. The bank released a report on May 11 that contained a […]

Alternative to CBC mode encryption?

Given that CBC mode encryption is vulnerable to padding oracle attacks, what is the next best alternative ? a) Include a hash check in the API scheme, validate the hash and then proceed with CBC. If hash check fails then return error indicating same. Eg: Include HMACSHA256(AES256(plaintext)) checksum that is required to be validated as ::Listen

Given that CBC mode encryption is vulnerable to padding oracle attacks, what is the next best alternative ?

a) Include a hash check in the API scheme, validate the hash and then proceed with CBC. If hash check fails then return error indicating same. Eg: Include HMACSHA256(AES256(plaintext)) checksum that is required to be validated as part of message.

b) Implement a custom CBC mode that include a hmac/equivalent checksum at the end of each encryption block (on the lines of padding). Eg: Create own scheme on the lines of – "AES/CBC/PKCS5Padding/HMACSHA256". Are there any plans drafted by NIST / W3C to incorporate such a scheme?

c) Switch to GCM mode encryption. How does it compare to CBC in terms of cryptographic strength?