You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Also, please consider reading https://security.stackexchange.com/a/17046 with regards to secure usage of AES-CBC on your service. I honestly think it's better off to do something with GCM than with CBC mode.
The text was updated successfully, but these errors were encountered:
Leaving notes on this repository as well (Originated from mcndt/obsidian-quickshare#21)
Came from https://mcndt.dev/posts/how-to-e2e-encryption/ 馃憢馃徎
Describe the bug
Currently the code sets the IV to static value of 0s, and this is considered to be insecure.. Consider randomizing your IVs.
https://github.com/mcndt/obsidian-quickshare/blob/73733c0292cb3f0d6775c69c734e80c690932777/src/crypto/crypto.ts#L45-L49
noteshare.space/webapp/src/lib/crypto/decrypt.ts
Lines 54 to 59 in f84ddba
Also, please consider reading https://security.stackexchange.com/a/17046 with regards to secure usage of AES-CBC on your service. I honestly think it's better off to do something with GCM than with CBC mode.
The text was updated successfully, but these errors were encountered: