aescrypt
aescrypt copied to clipboard
Gurpartap
A simple and opinionated AES encrypt / decrypt Ruby gem that just works.
Please retire this gem. It contains multiple, extremely severe security vulnerabilities: * Fixed all zero IV: #4 * No MAC/unauthenticated encryption: #12 Either of these vulnerabilities can, depending on the...
I'm not sure this will ever be merged, but at least it gives me the ability to review/comment :)
See http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29 I can only assume that the ruby openssl wrapper uses null bytes for the IV in your use-case, which is _not_ secure.
This gem is using an unauthenticated encryption mode (CBC) which is vulnerable to chosen ciphertext attacks (i.e. it is not [IND-CCA](https://en.wikipedia.org/wiki/Ciphertext_indistinguishability) secure) This is a serious issue which can allow...
Fixes issue #4. Additionally, adds a basic test.
Hi Gurpartap, Currently I am facing below issue- -[NSConcreteMutableData SHA256Hash]: unrecognized selector sent to instance while encrypting the message. Please suggest me any changes.
 bro please help me.. Im using AES online encryption to encrypt the data. after data encrypted, Im try to use your lib...
Hi It would seem that in ruby 2.2.x a require 'base64' is needed to satisfy the Base64 dependency. Regards
There was an issue with Base64 being interpreted as a part of AESCrypt instead of its own class: ``` token = AESCrypt.encrypt(message, password) NameError: uninitialized constant AESCrypt::Base64 ``` All I...
