
Unauthenticated encryption is vulnerable to chosen ciphertext attacks, bitflipping attacks

Open tarcieri opened this issue 8 years ago • 6 comments

This gem is using an unauthenticated encryption mode (CBC) which is vulnerable to chosen ciphertext attacks (i.e. it is not IND-CCA secure).

This is a serious issue which can allow active attackers to completely recover message plaintexts. It also allows attackers to make undetectable alterations to the plaintext.

At the very minimum you should add HMAC in an encrypt-then-MAC construction.

tarcieri avatar Jan 19 '17 20:01 tarcieri
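Added example (not the aescrypt gem's code, nor tarcieri's): AES-256-CBC with a random IV, first bare and then wrapped in the encrypt-then-MAC construction recommended above, so the difference in how a modified ciphertext is handled can be run directly. It assumes two independent 32-byte keys (key derivation is out of scope).

```ruby
require 'openssl'

# Added example (not the aescrypt gem's code): AES-256-CBC with a random IV,
# first without authentication, then wrapped in encrypt-then-MAC (HMAC-SHA256).
# Key derivation is out of scope; two independent random keys are assumed.
module CbcDemo
  IV_LEN  = 16
  MAC_LEN = 32
  class AuthError < StandardError; end

  # Unauthenticated CBC: returns iv || ciphertext. Nothing binds the bytes
  # together, so a modified IV or ciphertext still decrypts "successfully".
  def self.cbc_encrypt(enc_key, plaintext)
    c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
    c.key = enc_key
    iv = c.random_iv
    iv + c.update(plaintext) + c.final
  end

  def self.cbc_decrypt(enc_key, blob)
    c = OpenSSL::Cipher.new('aes-256-cbc').decrypt
    c.key = enc_key
    c.iv  = blob.byteslice(0, IV_LEN)
    c.update(blob.byteslice(IV_LEN..)) + c.final
  end

  # Encrypt-then-MAC: the tag covers IV and ciphertext, so any change to
  # either is rejected before a single block is decrypted.
  def self.etm_encrypt(enc_key, mac_key, plaintext)
    blob = cbc_encrypt(enc_key, plaintext)
    blob + OpenSSL::HMAC.digest('SHA256', mac_key, blob)
  end

  def self.etm_decrypt(enc_key, mac_key, blob)
    raise AuthError, 'too short' if blob.bytesize < IV_LEN + MAC_LEN
    body = blob.byteslice(0...-MAC_LEN)
    tag  = blob.byteslice(-MAC_LEN..)
    expected = OpenSSL::HMAC.digest('SHA256', mac_key, body)
    raise AuthError, 'authentication failed' unless secure_equal?(expected, tag)
    cbc_decrypt(enc_key, body)
  end

  # Constant-time comparison so the tag check leaks no timing information.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With the bare CBC functions, a ciphertext whose IV has been altered decrypts without any error to a different plaintext; the same alteration makes `etm_decrypt` raise `AuthError` before decryption starts.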

Is that something that we can avoid by using a random IV?

fsck-mount avatar Apr 17 '17 12:04 fsck-mount

No, failure to use a random IV (#4) is a separate, unrelated, but still very bad problem.

tarcieri avatar Apr 19 '17 00:04 tarcieri

@tarcieri Thanks for the info.

fsck-mount avatar Apr 19 '17 06:04 fsck-mount

FYI, in case you're trying to follow the same path as me:

  • Create a CVE request at http://cve.mitre.org/ - You'll get a CVE ID a day or so later.
  • Create a report at https://rubysec.com/, quoting the CVE ID (they really need it even if it's not a required field)
  • If people use https://github.com/rubysec/bundler-audit (they should), the reports will crop up.

jfinkhaeuser avatar Apr 20 '17 07:04 jfinkhaeuser

I'm just sad it took me four years to figure out that this path works just fine... ugh. It should not have surprised me.

jfinkhaeuser avatar Apr 20 '17 07:04 jfinkhaeuser

@jfinkhaeuser That web form is a new thing created this year, in response to MITRE failing to issue IDs in a timely fashion via e-mail.

attritionorg avatar Apr 20 '17 17:04 attritionorg