New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document usage of encryptAES / decryptAES #4407
Comments
Sounds like a good idea. A few quick notes:
We can detect a new format because it always includes a
You may want to refer to the original PR: #3595. cc @tikurahul |
Sorry, the old format was a hex string not Base64 encoded, which explains why you're seeing new characters. |
Add more information to the 2.4 migration docs, especially some extra information about how the format has changed. See playframework#4407.
Add more information to the 2.4 migration docs, especially some extra information about how the format has changed. See playframework#4407.
@benmccann, now that #4438 is merged, do you think we could remove the 2.4.0 tag from this issue? I agree that it would be good to get the docs done but I don't think they need to be there for 2.4. |
The crypto section of the Play 2.4 migration docs are a good starting point for anyone who wants to work on this: https://www.playframework.com/documentation/2.4.x/Migration24#Crypto-APIs. You can find these docs in |
The JavaDoc and ScalaDoc does not describe the current state. While it mentions AES/CTR/NoPadding, it describes ECB instead: “This algorithm is suitable for small amounts of data, typically less than 32 bytes, hence is useful for encrypting credit card numbers, passwords etc. For larger blocks of data, this algorithm may expose patterns and be vulnerable to repeat attacks. ” This is present four times in the documentation: see classes play.api.libs.Crypto and play.libs.Crypto and their methods Moreover, I see two other issues.
Both of them are BTW a place where ECB is actually more secure than CTR. I am not saying that Play! should have stayed with ECB, I am just saying CTR is not strictly more secure than ECB in all cases. |
Mailing list discussion: https://groups.google.com/forum/#!topic/play-framework/Pao8MnADAqw |
@v6ak, all good points. It sounds like you've looked at our docs so far, which we know have some shortcomings. It would be great if you could review our implementation too, to let us know if there any issues there. |
@richdougherty I've looked at the implementation briefly. Some my notes about undocumented properties (e.g. the key derivation) do come from there. The implementation mostly transfers the responsibility to JCA, so the code is rather tiny and there is just a little what can be done wrong (provided that the JCA implementation is correct). This, however, applies only for the implementation, not for the design. The design and uncertain purpose of the API was main objection. Note that I welcome the attempt to simplify the rather complex JCA API, this can encourage more using cryptography, which is good. If such wrapper is done properly, it can encourage some best practices and using crypto right, which would be great. I just don't think that Play! Crypto can achieve these goals today. Note that I haven't reviewed the IV generation so far. |
@v6ak, I agree with all you say. We'd welcome help from you or anyone else who is interested. Maybe we should just wrap something like Keyczar or Jasypt. I haven't used either, so I'm not sure if this a good idea. One good thing about the new crypto code in Play 2.4 is that we have now have a versioned format, so we can evolve the implementation as needed. Of course, having multiple formats does introduce complexity; we need to make sure we don't accidentally introduce vulnerabilites through our format system! |
Posted more on this to https://groups.google.com/forum/#!topic/play-framework-dev/Rlrt89Ky_Rk |
More info on CTR / authenticated crypto: http://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken |
@v6ak, If you have any thoughts on @wsargent's post (mentioned above), let us know! |
Also see http://security.blogoverflow.com/2013/06/qotw-47-lessons-learned-and-misconceptions-regarding-encryption-and-cryptology/ for what a mess crypto can be... |
I hope I'll be able to comment it on Monday afternoon (or on Sunday if it goes well). // UTC+2 |
I wanted to post it to the Google Group, but I was unable to. My join request has not been accepted so far. So I've created a gist: https://gist.github.com/v6ak/2f7f3c4f18cfe4d1be9e |
@richdougherty I got the access and posted it. @wsargent I TL;DR-ed it. Is the only merit of the article the fact that hardcoding encryption algorithm is a bad practice? I agree. At the moment, it is a minor issue, but when the API is redesigned, the encryptAES and decryptAES methods may be just deprecated aliases of new methods. |
@v6ak more about the problems involved in dealing with crypto primitives, but yes, that's part of it. |
I've asked the KeyCzar team about their status and future plans on keyczar-discuss: https://groups.google.com/forum/#!topic/keyczar-discuss/wG7mnRU4F5Q |
Add more information to the 2.4 migration docs, especially some extra information about how the format has changed. See playframework#4407.
Adding reference to more KeyCzar discussion: https://groups.google.com/d/topic/keyczar-discuss/nbs6gQjykg0/discussion |
After much discussion and research, here's the short version:
Ultimately, it doesn't make sense for Play to make these methods available. So, we're going to deprecate the encryptAES/decryptAES methods, and remove them in later versions. |
OK, deprecating these methods is a correct resolution of this issue. (Maybe not the only correct one, but hopefully the most reasonable, as they are not the core of Play!.) What we might also do:
|
I'm going to put together a blog post and we'll write up the change and background in the migration notes. |
Will the methods be deprecated in Play 2.5 or in Play 3? I ask because Silhouette uses this methods to encrypt authenticator related data. |
I feel like the deprecation here is a bit of a cop out. Just saying crypto is hard and we don't want to be responsible for it doesn't help users of Play very much. It'd be nicer to investigate the issues more thoroughly and make more concrete recommendations. |
@benmccann there are be recommendations and a detailed description in the document. |
Added concrete recommendations and issues with current configuration in migration guide: https://www.playframework.com/documentation/2.5.x/CryptoMigration25 Commit is 1f22381 |
There's nowhere in our docs where we give an example of encrypting/decrypting data. I think it could be helpful to share an example of when and how we might deal with encrypted data.
Also, something else to mention in the migration guide potentially is that in 2.4 when the encryption algorithm changed, it seems to have changed what characters can appear in the encrypted string. I ran into an issue where we assumed encrypted data would be alphanumeric, which appears to be a true of AES. In Play 2.4 when we changed to AES/CTR/NoPadding we see new characters like -, =, and +.
The text was updated successfully, but these errors were encountered: