Is it cryptographically insecure to use fixed-length AES-GCM messages?

Is there any weaknesses to encrypting fixed-length messages? Should a random amount of padding be added to the message to decrease the odds of some sort of attack?

development – How to cryptographically verify the authenticity and integrity of Android Studio releases (with gpg?)

For a given Android Studio release published by Google, how can I cryptographically verify the authenticity and integrity of the .tar.gz file that I downloaded before I copy it onto a USB drive and attempt to install it on my laptop?

Today I wanted to download Android Studio, but the download page said nothing about how to cryptographically verify the integrity and authenticity of their release after download.

https://developer.android.com/studio#downloads

I expected to see a message on the download page telling me:

  1. The fingerprint of their PGP release signing key,
  2. A link to further documentation, and
  3. Links to (a) a manifest file (eg SHA256SUMS) and (b) a detached signature of that manifest file (eg SHA256SUMS.asc, SHA256SUMS.sig, SHA256SUMS.gpg, etc)

Unfortunately, the only information I found on the download page was how to verify the integrity of the tarball using a SHA-256 checksum found in a table on the same page. Obviously, this checks integrity but not authenticity. And it provides no security because it’s not out-of-band from the .tar.gz itself.

How can I preform cryptographic integrity and authenticity verification with Google’s Android Studio releases?

Is the random generation of passwords from an assortment of dictionary words cryptographically secure?

We should all know the XKCD comic book about password strength, suggesting (appropriately) that a password based on many common words are safer and more memorable than a password such as Aw3s0m3s4u(3 or something.

I have an application (cross-platform) for which I want to generate somewhat secure passwords, and my password requirements are much less demanding: if the password does not have a password 39 spaces, I expect that “ multiple symbols, numbers, mixed alpha and 6+ characters & # 39; & # 39; , but if the password has more than one non-consecutive space I release the symbol / number / mixed case constraint and ask instead at least two words of at least 4 characters individually, with a minimum password length of 15 characters.

The question does not concern this aspect, but on generation: assuming I want to generate a password that is easy to remember and difficult for the user to guess, is it cryptographically safe to generate a password based on about 5 dictionary words to from a list of 10k words? (Literally, 10,000 words are in my database, extracts from various sources, e-mails, etc.) These are all fairly common words, no less than 3 characters.

Now i don't know want to to make these one-time passwords but i think i should at least ask the user to change it to something else when logging in after using this generated password, which is fine and i can, but I also want users to have the option (when changing a password) to generate a "secure" password that meets my needs.

From a cracking perspective, would it be easy / difficult to attack a password generated using this scheme? There is no fixed length, the words in this database table range from 3 to 11 characters (environment is a word in the database, for example)? The program generating the passwords Will not do choose two words with 4 characters or less (so the shortest password could be a three character word, 4 five character words and 4 spaces, for a total of 27 characters), and it Will not do use the same term twice in a password.

Based on the examples I have run, the average length of passwords generated by the program is around 34 characters, which seems acceptable to me. Even if we assume that each of the minimum 27 non-space characters (so 23 characters at the end) can be 26 possible states (a-z), that’s 23^26 or 2.54e+35 opportunities.

The database contains 994 words of 3 to 4 characters.

It can also be assumed that the attacker at dictionary and generation parameters / algorithms. Is it still secure, can I get away by removing a word from the generated password (it's always 21 characters, for 18^26 possibilities (4.33e+32) based on entropy alone), the only problem I see is that it is not based on character entropy, but on the word entropy, which would mean that the 5-word password is 10000*9006*9005*9004*9003 possibilities, or 6.5e+19 possibilities, and the 4-word password is 10000*9006*9005*9004 possibilities, or 7.30e+15. Compared to a normal 6-character password ((26+26+10+33)^6 or 7.35e+11 possibilities: 26 lower alpha, 26 higher alpha, 10 Numbers, 33 symbols) it is clearly stronger.

Another hypothesis that I made: the users will write that down, they always do. I suspect only five random words on a piece of paper (hopefully not in direct view, but alas, this is the most likely scenario) are less likely to be chosen as a potential password than a term, well, complex which looks like a traditional password.

Finally, before I get to my real questions, the passwords are all salted before being stored in the database and then chopped with the SHA-512 100 times algorithm, with salt added between each hash. If the user logs in correctly, the salt is changed and a new password hash is created. (I guess it doesn't help much in a brute force offline attack, but I think it should help against active online attacks.)

DatabasePassword = SHA512(...SHA512(SHA512(SHA512(password + salt) + salt) + salt) + salt)...)

So, finally, my real questions:

  1. Are my calculations correct? (You don't necessarily have to answer that, I'm sure it is close enough in principle to demonstrate my concerns.)
  2. Is generation secure or should I stick to "traditional" password generation? Note that an attacker does not have all idea if the user password was generated with this algorithm or selected by the user, the attacker can make an assumption if they know the length, but it may or may not be safe.
  3. Finally, did I make assumptions that significantly modify (increase or decrease) the security of this "idea"? (Assuming that the character entropy of a 6 character password is 95, for example.)

I apologize for the length, I'm used to explaining myself j & # 39; hope reduce confusion.


It was pointed out that my question is extremely similar to this, I want to point out the differences in my generation method (although, honestly, it is still similar enough that it can be considered a duplicate, I leave it to the community to decide ):

  1. Each word is separated by a space, which means that all characters, except the first and last three characters, have an additional character. potential State.
  2. The password is do not selected by a human, it is (mainly) a uniform random generation. No word is preferred to the others, except for only allow an ultra-short word (3 or 4 characters), once the random generator has selected a word of this length, no more of these words can be selected. (Although the position of this word in the word list is still random, and there may be do not be a selected ultra-short word.)
  3. This is mixed with a separate password restriction, which means the attacker has two vectors to try to crack. The user could have selected a password meeting the "traditional" requirements or a password meeting the "XKCD" requirements.