Open
Description
The current implementation does not follow NIST Special Publication 800-38D, in particular Section 8.2 IV Constructions and 8.3 Constraints on the Number of Invocations regarding the secret key.
To mitigate 8.2: IVs can be converted to deterministic construction per 8.2.1.
To mitigate 8.3: Temporary IDs should use an ephemeral key derived from the secret key and uid values, so that the same key is not used for more than 2^32 operations.
The current implementation may permit an adversary to fabricate IDs or Upload Tokens, if they collect duplicated IVs or more than 2^32 encryption operations are performed against the same key.
Metadata
Metadata
Assignees
Labels
No labels