Please retire this gem #4

Closed
tarcieri opened this Issue Aug 28, 2012 · 4 comments


Your README severely understates the severity of the insecurity of this code. Chosen plaintext attacks against ECB mode can completely recover encrypted data:

https://gist.github.com/3095168

Furthermore this gem (poorly) duplicates functionality that's already present in Ruby's OpenSSL library. You've created your own nonstandard padding mode which provides no interoperability with other crypto libraries.

There are no practical applications of this gem that aren't better serviced by OpenSSL and it's extremely easy to use in an insecure manner. Please retire it.

jsbattig commented May 8, 2013

I'm not a Ruby user, but I found the C code useful for other stuff we are doing related to MongoDB.
I agree ECB should never be used in a professional setting; it's simply too vulnerable.
So, for the author of this gem, if you want, here you are: https://github.com/Convey-Compliance/mongo-c-driver/blob/master/src/ZLib_AES_Filter.c (see methods Zlib_AES_PreProcessChunk() and Zlib_AES_PostProcessChunk() on how to decrypt using CBC)

The link shows how I wrote the piece to do CBC, it's VERY simple and there's no reason not to use it on any serious encryption routine.
I'm not claiming the code I shared can't be optimized, but rather just to show the mechanics of CBC are not complicated and make AES encrypted streams of data much more difficult to crack.

jtdowney commented May 8, 2013

You need to be careful with CBC as well. CBC does not provide authenticated encryption and is therefore vulnerable to things like a padding oracle attack.

I am 👍 on what @tarcieri said. The gem is extremely dangerous (although so is OpenSSL::Cipher); however, there are other gems which take a dependency on fast-aes. A good first step would be to expand the warning in the README by moving it to the top.

tioteath referenced this issue in pitluga/keepassx Jun 24, 2014

Closed

Could not install keepassx gem on ruby 2.0.1 #3

Owner

nateware commented Sep 11, 2014

Thanks all. I have updated the README to recommend other options, and I have also added an annoying message when you do FastAES.new that tells people to switch to other gems.

The fast-aes gem is insecure and not recommended. Please switch over to Ruby OpenSSL.

nateware closed this Sep 11, 2014

Thanks!
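
The points raised in this thread, as an added Ruby example (not code from fast-aes or from any participant): ECB output reveals repeated plaintext blocks, while AES-256-GCM through Ruby's OpenSSL randomizes every message and rejects modified ciphertext. The helper names, the nonce || ciphertext || tag layout and the sample input are assumptions of this example.

```ruby
require "openssl"

# Constructed sample input: three identical 16-byte blocks.
SAMPLE = ("A" * 16) * 3

# AES-256-ECB: every block is encrypted independently under the key alone.
def ecb_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new("aes-256-ecb").encrypt
  c.key = key
  c.update(plaintext) + c.final
end

# Distinct 16-byte blocks; fewer than the total means repeats are visible.
def distinct_blocks(ciphertext)
  ciphertext.bytes.each_slice(16).to_a.uniq.size
end

# AES-256-GCM, fresh random 12-byte nonce per message: nonce || ct || tag.
def gcm_seal(key, plaintext, aad = "")
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = aad
  ct = plaintext.empty? ? c.final : c.update(plaintext) + c.final
  nonce + ct + c.auth_tag
end

# Raises OpenSSL::Cipher::CipherError when key, nonce, ciphertext, tag or
# associated data do not match; no plaintext is returned in that case.
def gcm_open(key, sealed, aad = "")
  sealed = sealed.b
  raise ArgumentError, "sealed message too short" if sealed.bytesize < 28
  c = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  c.key = key
  c.iv = sealed.byteslice(0, 12)
  c.auth_tag = sealed.byteslice(-16, 16) # always the full 16-byte tag
  c.auth_data = aad
  ct = sealed.byteslice(12, sealed.bytesize - 28)
  ct.empty? ? c.final : c.update(ct) + c.final
end

# True when one flipped ciphertext bit makes gcm_open refuse the message.
def tamper_rejected?(key, sealed)
  forged = sealed.b
  forged.setbyte(12, forged.getbyte(12) ^ 0x01)
  gcm_open(key, forged)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

With the sample input, the ECB ciphertext has four blocks but only two distinct values (three repeats plus the padding block), whereas the GCM ciphertext blocks all differ and a modified message fails to open.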
