
Null IV in AES encryption

Open · mitros123 opened this issue 5 years ago · 1 comment

Hello. AES CTR encryption uses a null IV here, and that might be problematic. While I could not find any piece of code where that function is used, it seems wrong to have an encryption function which, if not used correctly, can lead to security vulnerabilities.


Suppose that an adversary obtains encryptions C1 and C2 of messages M1 and M2. If they are generated with the same IV, that means that the keystream KS is the same for both (C1 = M1 XOR KS and C2 = M2 XOR KS). Then C1 XOR C2 = M1 XOR KS XOR M2 XOR KS = M1 XOR M2. This might lead to security problems.

Proposed Solution

You can either use a random IV and include it with every ciphertext, or get rid of that function altogether (but please make sure it is not used, I might be wrong).

mitros123 · Jul 18 '19 08:07
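A worked illustration of the keystream-cancellation argument in the report, added here as an example; it is not code from the issue or from cardano-ledger. It assumes only CTR's structure (keystream block = F_k(nonce || counter)), so an HMAC-SHA256 keyed function stands in for the AES block cipher, and the key and messages are constructed sample values.

```python
import hashlib
import hmac
import os

BLOCK = 16        # AES block size; the counter block is nonce || big-endian counter
NONCE_LEN = 8     # constructed choice: 8-byte nonce, 8-byte counter


def _keystream_block(key: bytes, nonce: bytes, ctr: int) -> bytes:
    """Stand-in for AES_k(nonce || ctr): a keyed PRF truncated to one block.
    The IV-reuse property depends only on CTR's structure, not on the cipher."""
    ctr_block = nonce + ctr.to_bytes(BLOCK - len(nonce), "big")
    return hmac.new(key, ctr_block, hashlib.sha256).digest()[:BLOCK]


def ctr_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    """CTR mode: XOR each message block with the keystream block for its index."""
    out = bytearray()
    for i, off in enumerate(range(0, len(msg), BLOCK)):
        ks = _keystream_block(key, nonce, i)
        out += bytes(m ^ k for m, k in zip(msg[off:off + BLOCK], ks))
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_null_iv(key: bytes, msg: bytes) -> bytes:
    """The reported pattern: every message encrypted under the all-zero IV."""
    return ctr_encrypt(key, bytes(NONCE_LEN), msg)


def encrypt_random_iv(key: bytes, msg: bytes) -> bytes:
    """The proposed fix: fresh random nonce, shipped in front of the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + ctr_encrypt(key, nonce, msg)


def decrypt_random_iv(key: bytes, blob: bytes) -> bytes:
    return ctr_encrypt(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def null_iv_leaks(key: bytes, m1: bytes, m2: bytes) -> bool:
    """True when C1 XOR C2 == M1 XOR M2, i.e. the shared keystream cancelled out."""
    c1, c2 = encrypt_null_iv(key, m1), encrypt_null_iv(key, m2)
    return xor(c1, c2) == xor(m1, m2)


def random_iv_leaks(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Same check with per-message nonces: the keystreams differ, so it fails."""
    c1, c2 = encrypt_random_iv(key, m1), encrypt_random_iv(key, m2)
    return xor(c1[NONCE_LEN:], c2[NONCE_LEN:]) == xor(m1, m2)
```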

Thanks for raising this issue.

We'll be removing the module Cardano.Crypto.Encryption as part of issue #690.

intricate · Dec 03 '19 18:12