Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DVE-2015-0099 AES CTR man-in-the-middle through keystream reusage #32

Gustav-Simonsson opened this issue Jun 22, 2015 · 1 comment


Copy link

@Gustav-Simonsson Gustav-Simonsson commented Jun 22, 2015

The two sides of a RLPx connection generate two CTR streams from the same key, nonce and IV.

If an attacker knows one plaintext, he can decrypt unknown plaintexts of the reused keystream.

Separate keys needs to be used for each stream. See for example the TLS 1.2 RFC 5246 section 6.3.


This comment has been minimized.

Copy link

@fjl fjl commented Sep 20, 2018

This is a serious issue, but we will not modify RLPx anymore. A future transport protocol will address this issue.

@fjl fjl closed this Sep 20, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.