feat: add cbcDecrypt and cbcEncrypt modes #19321
Conversation
|
There's already a package implementing CBC: https://github.com/jedisct1/zig-cbc CBC is a mode with a lot of footguns and no practical advantages over modern constructions. It is still required by some legacy protocols, but now that Zig has a package manager, it's probably better maintained as an external package. The standard library should be focused on sane and future-proof options. If we include CBC now, we may regret it later. This is akin to adding support for Windows 95 in 2024 because a couple applications still require it. And more importantly, committing to supporting it forever. It may be necessary for some applications, but eventually, this code is going to get little to no attention, and become a burden. CBC may also require a very different interface than other modes in the standard library. In order to support parallel encryption, the message needs to be processed in reverse, from the end. Such a weird, custom interfaces can easily be supported in a specialized package. In the standard library, it may complicated generic constructions. So, I'd recommend keeping it as a package. But the way, the current one can certainly be improved, if only to add support for parallel encryption/decryption and ciphertext stealing, so your help remains more than welcome. |
|
Thank you for the review! Maybe it would be worthwhile to close the referenced issue as well? #5763 |
Completes one part of #5763 by adding the CBC mode to the standard library. From reading the discussion, this is probably a controversial addition and I may not be qualified to make the change. However, I implemented this while working on a signing tool for Android APKs and figured I would make a PR.