encryption - Best practices for encrypting continuous/small UDP data -

-

I am getting an application where I have to send many small data per second through the network using UDP . The app needs to send data in real time (do not wait). I want to encrypt these data and insure what I am doing is as safe as it is.

Since I am using UDP, there is no way to use SSL / TLS, so I have to encrypt every packet alone because the protocol is non-convincing / unreliable / irregular.

Right now, I am using a 128-bit key from passphrase to the user, and in ABC (PBS using AES-CBC) in CBC mode. I decided to use a random salt with a passphrase to get a 128-bit key (to stop the dictionary attack on passphrase), and of course IS (to stop statistical analysis for packets).

Although I am concerned about some things: Each packet contains small amounts of data (such as some of the integer values ​​per pack), which make the encrypted packet weak for known text attacks (Which will make it easier to circumvent the key) Also, since the encryption key has been received from the passphrase, less space will decrease (I know that salt will help, but once I have to send salt through the network and no one can get it). Given these two things, anyone can smell and store the sent data, and try to crack the key. Although this process may take some time, once the key is broken, all the stored data will be decrypted, which will be a real problem for my application.

So my question is, what is the best practice to send / encrypt continuous small data using a connectionless protocol (UDP)? Is this the best way for me? Was streaming? Overkill ...

Please note that I am not asking for a 100% safe solution, because there is no such thing.

You have several options, you can use DTLS, which is an appetite of TLS for Datagram The version is. It is specified in one and has been implemented in the openssl library. You can also use the IKE / IPsec protocol and you can use an UDP encapsulation of IPsec part. Usually the IPS is available at the OS level. You can also use it, which appears to be a hybrid of TLS and a proprietary UDP-based packet encryption protocol for key exchange.


Comments

Post a Comment

Popular posts from this blog

windows - Heroku throws SQLITE3 Read only exception -

-
After I deploy the app to Heroku, I have to run migration scripts and get this error message ... ITES \ padrino \ prophetmargin & gt; Heroku Rack AR: Rack mutated! SQLite3 :: ReadOnlyException: only one try to write database to read: CREATE TABLE "schema_migrations" ( "version" varchar (255) NOT NULL) /disk1/home/slugs/215264_925fd2c_65a3/mnt/.bundle/gems/gems/ padrino-core- is 0.9.11 / lib / padrino-core / cli / rake.rb: 9: in `init ' how can this be? I also tried to run Heroku dbpush SQLite: //db/my-db.db and that did not work Horoku sqlite3 but using postgres does not do. I'm not sure why you are receiving this error, however, as I have used sqlite3 in development and when pushing it into its travel, they do some magic which migrates to postgrads. I'm absolutely sure how Heroku does 'backwash' this database but it seems that this is happening to you because it's the SQLite db file which is obviously due to Heroku's
Read more

lex - Building a lexical Analyzer in Java -

-
I am currently learning lexical analysis in compiler design. To know how a lexical analyzer actually works, I am trying to build myself. I am planning to make it in Java The input to the lexical analyzer is a .tex file that is of the following format. \ section {script} {intro} \ section {Scope} arbitrary text \ section {relevance} uncontrolled text \ subdivision (profit) arbitrary text \ subsubsection {in real life} \ subdivision {Ingredient} \ end {document} The output of the lecture may be a table of contents with a page number in another file. 1 Introduction 1 1.1 Scope 1 1.2 Relevance 2 1.2.1 Benefits 2 1.2.1.1 Real life 2 1.2.2 loss 3 I hope that This problem is within the scope of Language Analysis Read the .exe file and check '\' and continue to check whether it is actually on search In the sectioning command is set to indicate whether or not a flag variable is the type of sectioning. I hope the above approach will work for the construction of Lexa
Read more

python - rename keys in a dictionary -

-
I want to change the names of keys in a dictionary which are ints, and I need them so that the inputs with key zero They can sort correctly. For example, my keys are like this: '1', '101', '11' and I may need them: '001', '101', '011' What is doing, but I know that there is a better way tmpDict = {} in the ADC for the old: t MpDict ['% 04d'% int (olden)] = addict [oldkey] New controlled = tmpDict You are going wrong about this if you want to draw entries on a line in a specific way, then you have to sort on the extraction. for sorted (D, key = int): print '% s:% R'% (k, d [k]) < / Div>
Read more