Pastes from ZeroBin Alpha 0.19 unreadable in PrivateBin 1.3 #551
Comments
Hello and thank you for providing such a detailed report. The error "Algorithm: Unrecognized name" is thrown in 1.3.1's use of the webcrypto API to decrypt the message: Line 919 in 71797d1
Looking at the SJCL library's default AES mode used back in 0.19, that is probably AES-CCM. Back in PrivateBin 1.0 (2016) we switched to AES-GCM mode. All our unit tests for ensuring downwards compatibility used AES-GCM flavoured SJCL pastes, but no AES-CCM ones as generated in the original 0.19 release. In the 1.3 release we switched from the SJCL library to the browser integrated webcrypto API. As I realize now, looking at the W3C specs, AES-CCM isn't listed to be implemented. Long story short: The last version of PrivateBin that uses the SJCL library and therefore supports the ZeroBin 0.19 paste format is version 1.2.1. I'll update the wiki page accordingly.
Oh, OK. Then I will never be able to use the newest version, or will an update for backwards compatibility come?
Should the spec for the webcrypto API get extended to include AES-CCM mode, browser vendors may consider implementing it. Then it would just start to work with the current codebase on those browser releases with CCM support. But the thing is that we switched away from CCM mode because there were concerns regarding its security and I assume the W3C didn't consider suggesting it for similar reasons. So unfortunately, at this point it's not very likely that PrivateBin will regain support for those AES-CCM pastes in newer versions, as long as we don't move away from the Webcrypto API. The key benefit for this project of using that API over the SJCL library or (for example) openssl transpiled to WASM (like we do with the zlib) is that we use a standardized browser feature and don't have to ship a large crypto library alongside the paste. This gives us both huge performance gains (binary executable vs interpreted JS or WASM), as well as security (browsers having integrated update mechanisms, should there be a flaw in their implementation of the crypto).
Hm.. okay.
So far we haven't had any serious flaw reported to us with the 1.2.1 release, but at some point newer releases may include features that may make a breaking upgrade more worthwhile to you. In 1.3 we mostly focused on the paste format and crypto changes, so 1.2.1 is pretty close to it in terms of features.
As for the simplest change: Could you not re-create the old pastes? I.e. copy the text and paste it into a new paste?
Marking this as blocked now, because we can likely not fix it easily without shipping yet another fallback library… BTW, switching to GCM all that time back seemed to have been a good decision at least. 😄
This is a public authority, which is used by many people. |
Steps to reproduce
3.1. Use the setting zerobincompatibility instead of base64versions
What happens
I am asked for a password that I have never set and an error appears.
Error:
Algorithm: Unrecognized name
What should happen
The originally created pad should be shown to me.
Additional information
Screen: https://img.elyday.net/2019_12/19-12-19-09:31:24.png
Logs:
Basic information
Server address: Not at this moment
Server OS: Linux
Webserver: Apache2 (PHP 7.1)
Browser: Chrome Version 78.0.3904.97
PrivateBin version: 1.3.1
I can reproduce this issue on https://privatebin.net: No
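
An added example (not PrivateBin's code and not part of the original issue): a pre-upgrade check that sorts stored SJCL-format ciphertexts by cipher mode, since per the thread only AES-GCM pastes decrypt through the WebCrypto API while AES-CCM ones need an SJCL-based release such as 1.2.1. The function names, the `ccm` fallback when `mode` is absent, and all sample values are assumptions or constructed for illustration.

```javascript
// Added example: sort stored SJCL ciphertexts by cipher mode before an upgrade.
// SJCL falls back to "ccm" when a ciphertext names no mode (assumption).
const SJCL_DEFAULT_MODE = 'ccm';

// SJCL mode -> WebCrypto algorithm name. CCM has no WebCrypto counterpart.
const WEBCRYPTO_NAME = new Map([['gcm', 'AES-GCM']]);

// Classify one SJCL JSON ciphertext string.
function classifyPaste(sjclJson) {
  let ct;
  try {
    ct = JSON.parse(sjclJson);
  } catch (err) {
    return { status: 'invalid', reason: 'not valid JSON' };
  }
  if (ct === null || typeof ct !== 'object' || typeof ct.ct !== 'string') {
    return { status: 'invalid', reason: 'missing ct field' };
  }
  const mode = typeof ct.mode === 'string' ? ct.mode : SJCL_DEFAULT_MODE;
  const algorithm = WEBCRYPTO_NAME.get(mode) || null;
  return { status: algorithm ? 'webcrypto' : 'needs-sjcl', mode, algorithm };
}

// Group paste ids by status so an admin sees what breaks after the upgrade.
function auditPastes(pastes) {
  const summary = { webcrypto: [], 'needs-sjcl': [], invalid: [] };
  for (const [id, json] of Object.entries(pastes)) {
    summary[classifyPaste(json).status].push(id);
  }
  return summary;
}

// Constructed samples: ids and base64 values are made up, not real pastes.
const fields = '"iv":"AAAAAAAAAAA=","v":1,"iter":1000,"ks":128,"ts":64,' +
  '"adata":"","cipher":"aes","salt":"AAAAAAAAAAA=","ct":"AAAAAAAAAAA="';
const SAMPLE_PASTES = {
  'old-ccm': `{${fields},"mode":"ccm"}`,
  'old-default': `{${fields}}`,
  'new-gcm': `{${fields},"mode":"gcm"}`,
  'truncated': '{"iv":"AAAA',
};

console.log(auditPastes(SAMPLE_PASTES));
```

Pastes reported under `needs-sjcl` are the ones that would hit the "Algorithm: Unrecognized name" error after moving to a WebCrypto-only release.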