tarcieri changed the title from "Insecure use of unauthenticated encryption with potential for message forgery/plaintext recovery" to "Insecure use of unauthenticated encryption - potential message forgery/plaintext recovery" on Sep 19, 2018
This gem uses unauthenticated AES-CBC encryption:
https://github.com/chicks/aes/blob/master/lib/aes/aes.rb#L126
AES-CBC is not an authenticated encryption mode and is vulnerable to chosen ciphertext attacks including message forgery and potentially plaintext recovery.
At the very least, AES-GCM should be the default mode.
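
The difference the issue describes, as an added example (not code from the aes gem or from the issue author): with Ruby's standard OpenSSL bindings, a modified AES-CBC ciphertext still decrypts without error, while AES-GCM rejects it at tag verification. The helper names and the sample message are constructed for this illustration.

```ruby
require "openssl"

# Encrypt with the named cipher; returns [iv, ciphertext, tag] (tag is nil for CBC).
def encrypt(cipher_name, key, plaintext, aad = "")
  cipher = OpenSSL::Cipher.new(cipher_name).encrypt
  cipher.key = key
  iv = cipher.random_iv
  gcm = cipher_name.end_with?("gcm")
  cipher.auth_data = aad if gcm
  ct = cipher.update(plaintext) + cipher.final
  [iv, ct, gcm ? cipher.auth_tag : nil]
end

# Decrypt; for GCM the tag is verified in #final, which raises CipherError on mismatch.
def decrypt(cipher_name, key, iv, ct, tag = nil, aad = "")
  cipher = OpenSSL::Cipher.new(cipher_name).decrypt
  cipher.key = key
  cipher.iv = iv
  if tag
    # Ruby's OpenSSL accepts shortened tags, so enforce the full 16 bytes.
    raise ArgumentError, "bad tag length" unless tag.bytesize == 16
    cipher.auth_tag = tag
    cipher.auth_data = aad
  end
  cipher.update(ct) + cipher.final
end

# Simulate in-transit modification: flip one bit of the first ciphertext byte.
def flip_first_bit(bytes)
  out = bytes.dup
  out.setbyte(0, out.getbyte(0) ^ 0x01)
  out
end

# Reports what the receiver observes when the ciphertext was modified.
def tamper_result(cipher_name)
  key = OpenSSL::Random.random_bytes(32)
  msg = "amount=100;to=alice" # constructed sample message
  iv, ct, tag = encrypt(cipher_name, key, msg)
  decrypt(cipher_name, key, iv, flip_first_bit(ct), tag) == msg ? :unchanged : :accepted_modified
rescue OpenSSL::Cipher::CipherError
  :rejected
end

puts "aes-256-cbc: #{tamper_result('aes-256-cbc')}"
puts "aes-256-gcm: #{tamper_result('aes-256-gcm')}"
```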