
Encrypted data is not authenticated / potential padding oracles

Open: Vinc0682 opened this issue 6 years ago, 1 comment

The encrypted data is not authenticated, thus allowing easy manipulation of the ciphertext with predictable changes to the plaintext. This is especially bad as unauthenticated AES-CBC often leads to padding oracle attacks which allow the recovery of the plaintext by an active adversary.

How to fix:

  1. Apply a secure message-authentication-code (MAC) like HMAC-SHA256 on the ciphertext and the IV. Always check the MAC BEFORE decrypting the ciphertext.

  2. Alternatively, use an AAD-Scheme like AES-GCM or ChaCha20-Poly1305.

Vinc0682, Sep 07 '19 19:09
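The fix described in point 1, as an added Go example that is not part of this issue or the project's code: AES-CBC with a fresh IV, HMAC-SHA256 computed over IV and ciphertext, and the tag checked in constant time before anything is decrypted. The wire layout (IV || ciphertext || tag) and the use of separate encryption and MAC keys are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const ivLen, tagLen = aes.BlockSize, sha256.Size // assumed layout (not the project's): IV || ciphertext || tag

var ErrAuth = errors.New("authentication failed: message rejected before decryption")

func tag(macKey, data []byte) []byte { // HMAC-SHA256 over IV||ciphertext, keyed independently of the cipher
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// Seal is encrypt-then-MAC: PKCS#7 pad, AES-CBC under a fresh random IV, then tag IV||ciphertext.
func Seal(block cipher.Block, macKey, plaintext []byte) ([]byte, error) {
	out := make([]byte, ivLen)
	if _, err := rand.Read(out); err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, out).CryptBlocks(ct, padded)
	out = append(out, ct...)
	return append(out, tag(macKey, out)...), nil
}

// Open verifies length and tag in constant time BEFORE decrypting, so a tampered IV or ciphertext never reaches the CBC decrypter or the padding check.
func Open(block cipher.Block, macKey, msg []byte) ([]byte, error) {
	if len(msg) < ivLen+aes.BlockSize+tagLen || (len(msg)-ivLen-tagLen)%aes.BlockSize != 0 ||
		!hmac.Equal(tag(macKey, msg[:len(msg)-tagLen]), msg[len(msg)-tagLen:]) {
		return nil, ErrAuth
	}
	pt := make([]byte, len(msg)-ivLen-tagLen)
	cipher.NewCBCDecrypter(block, msg[:ivLen]).CryptBlocks(pt, msg[ivLen:len(msg)-tagLen])
	n := int(pt[len(pt)-1])
	if n < 1 || n > aes.BlockSize { // only reachable with the wrong encryption key; authentic data always passes
		return nil, ErrAuth
	}
	return pt[:len(pt)-n], nil
}
```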

Thank you for the information. Feel free to make a PR with the fix otherwise I'll study the topic when possible and implement the changes.

ademar111190, Jan 07 '20 22:01