
Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison #58

merged 2 commits into from Feb 10, 2013


@mwielgoszewski mwielgoszewski commented Jan 27, 2013

I defined AES_new as a function that returns an AES cipher object and a new secure random IV if None was specified. If an attacker can exhibit control over any ciphertext fed to the decrypter, recovering the secret key is a trivial exercise as described in Key as Initialization Vector.

See the following gist for an example showing how this can be exploited.

I also noticed compare() provides a constant-time comparison function for comparing HMAC signatures, however it was never called anywhere. This patch updates the secure_loads() function to use compare() when comparing HMAC signatures.

mdipierro added a commit that referenced this pull request Feb 10, 2013
Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison
@mdipierro mdipierro merged commit a634c05 into web2py:master Feb 10, 2013
matclab pushed a commit to matclab/web2py that referenced this pull request Jan 12, 2016
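Worked example, added here by the editor; it is not code from this pull request, from the linked gist, or from web2py. It reproduces both issues the PR describes in a stdlib-only Python script: CBC decryption with the key used as the IV lets anyone who controls a ciphertext and sees its decryption recover the key from a single crafted message, and an early-exit tag comparison leaks how many leading bytes of a forged tag were right. The block cipher is a SHA-256-based Feistel stand-in for AES (the attack depends only on CBC mode with IV == key, not on the cipher underneath). `vulnerable_encrypt`/`vulnerable_decrypt`, `recover_key`, `secure_dumps`/`secure_loads`, `is_rejected` and `naive_compare` are hypothetical names, and the `secure_dumps` message layout (iv || ciphertext || HMAC-SHA256, with separate encryption and MAC subkeys) is illustrative, not web2py's actual format.

```python
# Added example (not web2py's or the PR's code). Stdlib only: the block cipher
# is a SHA-256-based Feistel stand-in for AES; the key-as-IV attack depends
# only on CBC mode, not on which block cipher is underneath.
import hashlib
import hmac
import os

BLOCK = 16   # block size in bytes (same as AES)
ROUNDS = 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # Keyed Feistel round function: 8 bytes from key, round index, half block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def encrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l


def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = r, _xor(l, _round(key, i, r))
    return r + l


def cbc_encrypt(key, iv, plaintext):
    # Unpadded CBC; callers pass whole blocks.
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


# --- The flaw: the key doubles as the IV (the pre-patch AES_new behaviour). ---
def vulnerable_encrypt(key, plaintext):
    return cbc_encrypt(key, key, plaintext)


def vulnerable_decrypt(key, ciphertext):
    return cbc_decrypt(key, key, ciphertext)


def recover_key(decrypt_oracle, ciphertext):
    """Key-as-IV attack. decrypt_oracle(ct) returns the plaintext of any
    attacker-chosen ct. Send C1 || 0^16 || C1: in CBC,
      P1 = D(C1) xor IV   and   P3 = D(C1) xor 0^16,
    so P1 xor P3 = IV, which here is the key."""
    c1 = ciphertext[:BLOCK]
    p = decrypt_oracle(c1 + bytes(BLOCK) + c1)
    return _xor(p[:BLOCK], p[2 * BLOCK:3 * BLOCK])


# --- Hardened form: random per-message IV plus a constant-time-checked HMAC. ---
def _subkeys(key):
    # Separate encryption and MAC keys derived from the master key.
    return (hashlib.sha256(b"enc" + key).digest()[:BLOCK],
            hashlib.sha256(b"mac" + key).digest())


def secure_dumps(key, plaintext):
    # Illustrative layout (not web2py's): iv || ciphertext || HMAC-SHA256.
    enc_key, mac_key = _subkeys(key)
    iv = os.urandom(BLOCK)                      # fresh random IV, never the key
    body = iv + cbc_encrypt(enc_key, iv, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def secure_loads(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time, never '=='
        raise ValueError("bad signature")       # tampered input never reaches CBC
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])


def is_rejected(key, blob):
    try:
        secure_loads(key, blob)
        return False
    except ValueError:
        return True


def naive_compare(a, b):
    """What an early-exit ('==' style) tag check leaks: returns (equal, bytes
    examined). Time grows with the forged tag's matching prefix, so a MAC can
    be guessed one byte at a time."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)
```

With the flawed scheme, `recover_key` needs only one decryption of a three-block message built from any observed ciphertext block. With the hardened scheme the attacker's forged blob fails the `hmac.compare_digest` check and is rejected before any block is decrypted, and even a caller who somehow decrypted it would learn only the attacker's own IV, since the IV travels with the message instead of being the key.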