You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The variable called "encoding" is actually the password used to derive the cryptographic key, which is both static across all installations and published on GitHub. This means it provides no value; all someone viewing the ciphertext needs to do is lookup this project and extract the key.
polyglot-v2/lib/modules/encryption.js
Line 4 in f92a0db
The variable called "encoding" is actually the password used to derive the cryptographic key, which is both static across all installations and published on GitHub. This means it provides no value; all someone viewing the ciphertext needs to do is lookup this project and extract the key.
Incidentally using AES without an initialization vector appears to have been deprecated by node, but I wouldn't bother fixing that unless some form of localized key generation can be established.
I don't know what the purpose of this encryption was, but it's not fulfilling it.
The text was updated successfully, but these errors were encountered: