hardbin icon indicating copy to clipboard operation
hardbin copied to clipboard
verified publisher icon jes

Use AES-CBC + HMAC-SHA256

Open paragonie-scott opened this issue 8 years ago • 3 comments

Closes #1

paragonie-scott avatar May 23 '17 15:05 paragonie-scott

To be more precise: This closes one of the two issues mentioned in #1. However, the RNG bias was already reported in an HN comment and the author already said they were going to fix it, so I'm saving myself the trouble of needlessly duplicating effort.

paragonie-scott avatar May 23 '17 15:05 paragonie-scott

var mac = CryptoJS.HmacSHA256(data, key);

I think this should be computing a HMAC of unauthed, not data. But I tried changing it and that still didn't work, I've not investigated what was wrong.

jes avatar May 23 '17 17:05 jes

It looks like a cryptojs bug? I'm following their API as it's documented. Maybe I screwed something up though.

paragonie-scott avatar May 23 '17 18:05 paragonie-scott