All-zero IVs #7
Comments
Thanks for the feedback! I will switch back to rust crypto as soon as I have some time :)
Sorry, I meant to notate the IVs as a to-do because the structure of structs and traits were not entirely finalised yet.
@SteveGremory once there is support for meta data in the file format I am happy to swap the library over to RustCrypto, just let me know.
Well that time passed.
I actually did end up swapping it over to Rust crypto. I'll shoot a pull request through soon.
Oh wow, thank you!
Ended up just prepending IVs to each encryption block. Will need some documentation though.
You currently use a static initialisation vector (of all-0). This is insecure.

I don't mean to be too pushy about this, but it may be prudent to replace the OpenSSL dependency with RustCrypto's AEADs where possible, which are considerably more difficult to misuse, and which will also automatically alert on decryption failure due to a wrong encryption key.

(I don't know the specifics of the original zip program this one is modelled after. Apologies if the zero-IV is needed for compatibility, though explaining that in the source file may be helpful in that case.)
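An added illustration of the points raised in this issue (not part of the thread and not the project's code or the RustCrypto API): it contrasts encryption under a fixed all-zero IV with a fresh random IV prepended to each block plus an authentication tag that rejects a wrong key. The keystream construction is a standard-library stand-in for a real stream-mode cipher, and all names and sizes are assumptions.

```python
import hashlib
import hmac
import secrets

IV_LEN, TAG_LEN = 16, 32  # assumed sizes for this illustration

def subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), for illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_zero_iv(key: bytes, chunk: bytes) -> bytes:
    # The reported pattern: every chunk uses the same all-zero IV, so the
    # keystream repeats and equal plaintexts give equal ciphertexts.
    return xor(chunk, keystream(subkey(key, b"enc"), bytes(IV_LEN), len(chunk)))

def seal(key: bytes, chunk: bytes) -> bytes:
    # Fresh random IV per chunk, prepended; tag covers IV || ciphertext.
    iv = secrets.token_bytes(IV_LEN)
    ct = xor(chunk, keystream(subkey(key, b"enc"), iv, len(chunk)))
    tag = hmac.new(subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("truncated block")
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # An AEAD fails here too, instead of returning garbage plaintext.
        raise ValueError("authentication failed: wrong key or modified data")
    return xor(ct, keystream(subkey(key, b"enc"), iv, len(ct)))
```

With the zero IV, XORing two ciphertexts cancels the keystream and yields the XOR of the two plaintexts; with `seal`, two encryptions of the same block differ and `unseal` raises on a wrong key.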