-
Notifications
You must be signed in to change notification settings - Fork 421
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Always generate a random IV for AES operations
Quoting @obi1kenobi: > Initialization vector reuse like this is a security concern, since it leaks > information about the encrypted data to attackers, regardless of the > encryption mode used. > Instead of relying on a fixed, randomly-generated IV, it would be better to > randomly-generate a new IV for every encryption operation. Breaks AESCipher ECB support Reported as CVE-2017-1000246 Fixes #417 Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
- Loading branch information
1 parent
d5e4e1b
commit 7323f5c
Showing
3 changed files
with
12 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters