use the default setting and also add the mode to the cipher. aes-128 is to be preferred over aes-256 according to bruce schneier https://www.schneier.com/blog/archives/2009/07/another_new_aes.html#c386957

5 files changed, 8 insertions, 8 deletions

diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php
index f54b3f6c2..68b2c70dd 100644
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -23,7 +23,7 @@ class ThreadStream {
 	private $preview = false;
 	private $prepared_item = '';
 	public $reload = '';
-	private $cipher = 'AES-256';
+	private $cipher = 'AES-128-CCM';
 
 	// $prepared_item is for use by alternate conversation structures such as photos
 	// wherein we've already prepared a top level item which doesn't look anything like
diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php
index 66ba42d33..28e775f9d 100644
--- a/Zotlabs/Module/Chat.php
+++ b/Zotlabs/Module/Chat.php
@@ -197,7 +197,7 @@ class Chat extends Controller {
 	
 			$cipher = get_pconfig(local_channel(),'system','default_cipher');
 			if(! $cipher)
-				$cipher = 'AES-256';
+				$cipher = 'AES-128-CCM';
 	
 	
 			$o = replace_macros(get_markup_template('chat.tpl'),array(
diff --git a/include/bbcode.php b/include/bbcode.php
index ea04eb470..535e4ac33 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -257,7 +257,7 @@ function bb_parse_crypt($match) {
 
 	$x = random_string();
 
-	$f = ((in_array($algorithm, ['AES-256', 'rot13', 'triple-rot13'])) ? 'hz_decrypt' : 'red_decrypt');
+	$f = ((in_array($algorithm, ['AES-128-CCM', 'rot13', 'triple-rot13'])) ? 'hz_decrypt' : 'red_decrypt');
 
 	$Text = '<br /><div id="' . $x . '"><img class="cursor-pointer" src="' . z_root() . '/images/lock_icon.svg" onclick="' . $f . '(\'' . $algorithm . '\',\'' . $hint . '\',\'' . $match[2] . '\',\'#' . $x . '\');" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /></div><br />';
 
diff --git a/include/conversation.php b/include/conversation.php
index 05d1cdc26..876e907e5 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1396,7 +1396,7 @@ function hz_status_editor($a, $x, $popup = false) {
 
 	$cipher = get_pconfig($x['profile_uid'], 'system', 'default_cipher');
 	if(! $cipher)
-		$cipher = 'AES-256';
+		$cipher = 'AES-128-CCM';
 
 	if(array_key_exists('catsenabled',$x))
 		$catsenabled = $x['catsenabled'];
diff --git a/view/js/crypto.js b/view/js/crypto.js
index 058b769c5..98af6e09e 100644
--- a/view/js/crypto.js
+++ b/view/js/crypto.js
@@ -157,18 +157,18 @@ function hz_encrypt(alg, elem) {
 	if((alg == 'rot13') || (alg == 'triple-rot13'))
 		newdiv = "[crypt alg='rot13']" + window.btoa(str_rot13(text)) + '[/crypt]';
 
-	if(alg == 'AES-256') {
+	if(alg == 'AES-128-CCM') {
 
 			// This is the prompt we're going to use when the receiver tries to open it.
 			// Maybe "Grandma's maiden name" or "our secret place" or something. 
 
 			var enc_hint = bin2hex(prompt(aStr['passhint']));
 
-			enc_text = sjcl.encrypt(enc_key, text, { ks: 256 });
+			enc_text = sjcl.encrypt(enc_key, text);
 
 			encrypted = enc_text.toString();
 
-			newdiv = "[crypt alg='AES-256' hint='" + enc_hint + "']" + window.btoa(encrypted) + '[/crypt]';
+			newdiv = "[crypt alg='AES-128-CCM' hint='" + enc_hint + "']" + window.btoa(encrypted) + '[/crypt]';
 	}
 
 	enc_key = '';
@@ -249,7 +249,7 @@ function hz_decrypt(alg, hint, text, elem) {
 		var enc_key = bin2hex(prompt((hint.length) ? hex2bin(hint) : aStr['passphrase']));
 	}
 
-	if(alg == 'AES-256') {
+	if(alg == 'AES-128-CCM') {
 		dec_text = sjcl.decrypt(enc_key, text);
 	}