Permalink
Browse files

crypto: doc-only deprecate createCipher/Decipher

createCipher and createDecipher are cryptographically weak, can cause
severe security issues when used improperly and are unsupported in FIPS
mode.

PR-URL: #19343
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
  • Loading branch information...
tniessen committed Mar 14, 2018
1 parent 1d42b20 commit 81f88e30dd6de4c2132580a7238cb54b55e012fc
Showing with 26 additions and 0 deletions.
  1. +8 −0 doc/api/crypto.md
  2. +18 −0 doc/api/deprecations.md
@@ -1254,7 +1254,11 @@ This property is deprecated. Please use `crypto.setFips()` and
### crypto.createCipher(algorithm, password[, options])
<!-- YAML
added: v0.1.94
deprecated: REPLACEME
-->
> Stability: 0 - Deprecated: Use [`crypto.createCipheriv()`][] instead.
- `algorithm` {string}
- `password` {string | Buffer | TypedArray | DataView}
- `options` {Object} [`stream.transform` options][]
@@ -1334,7 +1338,11 @@ called.
### crypto.createDecipher(algorithm, password[, options])
<!-- YAML
added: v0.1.94
deprecated: REPLACEME
-->
> Stability: 0 - Deprecated: Use [`crypto.createDecipheriv()`][] instead.
- `algorithm` {string}
- `password` {string | Buffer | TypedArray | DataView}
- `options` {Object} [`stream.transform` options][]
@@ -959,11 +959,25 @@ Type: Runtime
[`decipher.final()`][]. In the future, this API will likely be removed, and it
is recommended to use [`decipher.final()`][] instead.
<a id="DEP0106"></a>
### DEP0106: crypto.createCipher and crypto.createDecipher
Type: Documentation-only
Using [`crypto.createCipher()`][] and [`crypto.createDecipher()`][] should be
avoided as they use a weak key derivation function (MD5 with no salt) and static
initialization vectors. It is recommended to derive a key using
[`crypto.pbkdf2()`][] and to use [`crypto.createCipheriv()`][] and
[`crypto.createDecipheriv()`][] to obtain the [`Cipher`][] and [`Decipher`][]
objects respectively.
[`--pending-deprecation`]: cli.html#cli_pending_deprecation
[`Buffer.allocUnsafeSlow(size)`]: buffer.html#buffer_class_method_buffer_allocunsafeslow_size
[`Buffer.from(array)`]: buffer.html#buffer_class_method_buffer_from_array
[`Buffer.from(buffer)`]: buffer.html#buffer_class_method_buffer_from_buffer
[`Buffer.isBuffer()`]: buffer.html#buffer_class_method_buffer_isbuffer_obj
[`Cipher`]: crypto.html#crypto_class_cipher
[`Decipher`]: crypto.html#crypto_class_decipher
[`assert`]: assert.html
[`clearInterval()`]: timers.html#timers_clearinterval_timeout
[`clearTimeout()`]: timers.html#timers_cleartimeout_timeout
@@ -976,7 +990,11 @@ is recommended to use [`decipher.final()`][] instead.
[`child_process`]: child_process.html
[`console.error()`]: console.html#console_console_error_data_args
[`console.log()`]: console.html#console_console_log_data_args
[`crypto.createCipher()`]: crypto.html#crypto_crypto_createcipher_algorithm_password_options
[`crypto.createCipheriv()`]: crypto.html#crypto_crypto_createcipheriv_algorithm_key_iv_options
[`crypto.createCredentials()`]: crypto.html#crypto_crypto_createcredentials_details
[`crypto.createDecipher()`]: crypto.html#crypto_crypto_createdecipher_algorithm_password_options
[`crypto.createDecipheriv()`]: crypto.html#crypto_crypto_createdecipheriv_algorithm_key_iv_options
[`crypto.DEFAULT_ENCODING`]: crypto.html#crypto_crypto_default_encoding
[`crypto.fips`]: crypto.html#crypto_crypto_fips
[`crypto.pbkdf2()`]: crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback

0 comments on commit 81f88e3

Please sign in to comment.