You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using client-side encryption, for one encrypted library, the IV is stored and the client program always uses this one IV to encrypt and decrypt different files. IV reused is unsafe and should not be used, the IV should be randomness and unpredictable. (CWE-329: https://cwe.mitre.org/data/definitions/329.html)
These are Debug details for three different files when decrypting them in the client (Android) side:
File1: Cipher@7029
File2: Cipher@7074
File3: Cipher@7097
The text was updated successfully, but these errors were encountered:
After releasing version 7.0, we will use different IV for different libraries. But for a single library, the same IV will be used for different libraries as it requires too much effort to use different IV for every file.
As a single library can only be accessed by shared and trusted users, it should be safe enough.
When using client-side encryption, for one encrypted library, the IV is stored and the client program always uses this one IV to encrypt and decrypt different files. IV reused is unsafe and should not be used, the IV should be randomness and unpredictable. (CWE-329: https://cwe.mitre.org/data/definitions/329.html)
These are Debug details for three different files when decrypting them in the client (Android) side:
File1: Cipher@7029
File2: Cipher@7074
File3: Cipher@7097
The text was updated successfully, but these errors were encountered: