New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison #58

merged 2 commits into from Feb 10, 2013


None yet
2 participants

mwielgoszewski commented Jan 27, 2013

I defined AES_new as a function that returns an AES cipher object and a new secure random IV if None was specified. If an attacker can exhibit control over any ciphertext fed to the decrypter, recovering the secret key is a trivial exercise as described in Key as Initialization Vector.

See the following gist for an example showing how this can be exploited.

I also noticed compare() provides a contant-time comparison function for comparing HMAC signatures, however was never called anywhere. This patch updates the secure_loads() function to use compare() when comparing HMAC signatures.

mdipierro added a commit that referenced this pull request Feb 10, 2013

Merge pull request #58 from mwielgoszewski/master
Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison

@mdipierro mdipierro merged commit a634c05 into web2py:master Feb 10, 2013

matclab pushed a commit to matclab/web2py that referenced this pull request Jan 12, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment