Skip to content

Commit

Permalink
crypto: doc-only deprecate createCipher/Decipher
Browse files Browse the repository at this point in the history
createCipher and createDecipher are cryptographically weak, can cause
severe security issues when used improperly and are unsupported in FIPS
mode.

PR-URL: #19343
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
  • Loading branch information
tniessen committed Mar 21, 2018
1 parent 1d42b20 commit 81f88e3
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 0 deletions.
8 changes: 8 additions & 0 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -1254,7 +1254,11 @@ This property is deprecated. Please use `crypto.setFips()` and
### crypto.createCipher(algorithm, password[, options])
<!-- YAML
added: v0.1.94
deprecated: REPLACEME
-->

> Stability: 0 - Deprecated: Use [`crypto.createCipheriv()`][] instead.
- `algorithm` {string}
- `password` {string | Buffer | TypedArray | DataView}
- `options` {Object} [`stream.transform` options][]
Expand Down Expand Up @@ -1334,7 +1338,11 @@ called.
### crypto.createDecipher(algorithm, password[, options])
<!-- YAML
added: v0.1.94
deprecated: REPLACEME
-->

> Stability: 0 - Deprecated: Use [`crypto.createDecipheriv()`][] instead.
- `algorithm` {string}
- `password` {string | Buffer | TypedArray | DataView}
- `options` {Object} [`stream.transform` options][]
Expand Down
18 changes: 18 additions & 0 deletions doc/api/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -959,11 +959,25 @@ Type: Runtime
[`decipher.final()`][]. In the future, this API will likely be removed, and it
is recommended to use [`decipher.final()`][] instead.
<a id="DEP0106"></a>
### DEP0106: crypto.createCipher and crypto.createDecipher
Type: Documentation-only
Using [`crypto.createCipher()`][] and [`crypto.createDecipher()`][] should be
avoided as they use a weak key derivation function (MD5 with no salt) and static
initialization vectors. It is recommended to derive a key using
[`crypto.pbkdf2()`][] and to use [`crypto.createCipheriv()`][] and
[`crypto.createDecipheriv()`][] to obtain the [`Cipher`][] and [`Decipher`][]
objects respectively.
[`--pending-deprecation`]: cli.html#cli_pending_deprecation
[`Buffer.allocUnsafeSlow(size)`]: buffer.html#buffer_class_method_buffer_allocunsafeslow_size
[`Buffer.from(array)`]: buffer.html#buffer_class_method_buffer_from_array
[`Buffer.from(buffer)`]: buffer.html#buffer_class_method_buffer_from_buffer
[`Buffer.isBuffer()`]: buffer.html#buffer_class_method_buffer_isbuffer_obj
[`Cipher`]: crypto.html#crypto_class_cipher
[`Decipher`]: crypto.html#crypto_class_decipher
[`assert`]: assert.html
[`clearInterval()`]: timers.html#timers_clearinterval_timeout
[`clearTimeout()`]: timers.html#timers_cleartimeout_timeout
Expand All @@ -976,7 +990,11 @@ is recommended to use [`decipher.final()`][] instead.
[`child_process`]: child_process.html
[`console.error()`]: console.html#console_console_error_data_args
[`console.log()`]: console.html#console_console_log_data_args
[`crypto.createCipher()`]: crypto.html#crypto_crypto_createcipher_algorithm_password_options
[`crypto.createCipheriv()`]: crypto.html#crypto_crypto_createcipheriv_algorithm_key_iv_options
[`crypto.createCredentials()`]: crypto.html#crypto_crypto_createcredentials_details
[`crypto.createDecipher()`]: crypto.html#crypto_crypto_createdecipher_algorithm_password_options
[`crypto.createDecipheriv()`]: crypto.html#crypto_crypto_createdecipheriv_algorithm_key_iv_options
[`crypto.DEFAULT_ENCODING`]: crypto.html#crypto_crypto_default_encoding
[`crypto.fips`]: crypto.html#crypto_crypto_fips
[`crypto.pbkdf2()`]: crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback
Expand Down

0 comments on commit 81f88e3

Please sign in to comment.