-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Welcome to the Paperback wiki!
PAPERBACK v1.10, known features and faults
PaperBack version 1.00 did not implement AES encryption properly.
Specifically:
a) The key used for (en|de)cryption in version 1.00 provides at most an effective key strength of less than 50 bits (and likely far less, perhaps on the order of 15-25 bits, depending on password quality) instead of the expected 256 bits.
Version 1.10 derives the encryption key from the password via key stretching, significantly improving key strength.
This change causes a small delay in the encryption step.
b) PaperBack version 1.0 implements ECB mode symmetric encryption.
This mode is subject to a Watermark Attack and leaks information about the encrypted data. Version 1.00 changes the encryption mode to CBC, which mitigates this attack.
- AES key length is now selectable in paperbak.h via the variable AESKEYLEN.
It is recommended that AES256 not be used.
AES256's key schedule is known to be substandard, Wikipeida has an adequate explanation of this.
Currently PaperBack to use AES192.
- The included libraries are now packaged as binary .lib files.
Instructions for rebuilding them from source are included in README.md from the PaperBack source code.
Known Functional Defects Paperback with its current codebase cannot be guaranteed to read old bitmaps.