Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison #58

Merged
merged 2 commits into from Feb 10, 2013

mwielgoszewski commented Jan 27, 2013

I defined AES_new as a function that returns an AES cipher object and a new secure random IV if None was specified. If an attacker can exhibit control over any ciphertext fed to the decrypter, recovering the secret key is a trivial exercise as described in Key as Initialization Vector.

See the following gist for an example showing how this can be exploited.

I also noticed compare() provides a constant-time comparison function for comparing HMAC signatures; however, it was never called anywhere. This patch updates the secure_loads() function to use compare() when comparing HMAC signatures.
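
The two fixes the pull request describes, shown together as an added example that is not web2py's own code: the IV for each encryption comes from os.urandom rather than from the key, and the HMAC tag in secure_loads() is checked with a constant-time compare() instead of `==`. The function names secure_dumps, secure_loads and compare mirror the ones named above, but their bodies, the token layout and the use of HMAC-SHA256 are assumptions for this example; the AES encryption call itself is left out so the snippet runs with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import os

BLOCK_SIZE = 16  # AES block size in bytes; also the IV length for CBC mode


def new_iv():
    """Return a fresh random IV for one encryption.

    The IV must be unpredictable and different for every message. Reusing the
    key as the IV, as the vulnerable AES_new did, leaks key material to anyone
    who can choose ciphertext fed to the decrypter; the caller passes this IV
    to the cipher (e.g. AES in CBC mode) and stores it next to the ciphertext.
    """
    return os.urandom(BLOCK_SIZE)


def compare(a, b):
    """Constant-time byte-string equality, the role web2py's compare() plays.

    A plain `a == b` stops at the first mismatching byte, so its running time
    reveals how many leading bytes of a forged tag were correct.
    """
    return hmac.compare_digest(a, b)


def secure_dumps(obj, key):
    """Serialise obj and append an HMAC-SHA256 tag: '<b64 payload>:<hex tag>'.

    Layout is an assumption for this example; base64 never contains ':' so the
    token splits unambiguously.
    """
    payload = base64.b64encode(json.dumps(obj, sort_keys=True).encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + ':' + tag


def secure_loads(token, key):
    """Return the original object, or None if the tag is missing or wrong.

    The tag is verified with compare() before the payload is decoded, so a
    tampered token never reaches the deserialiser.
    """
    if ':' not in token:
        return None
    payload, tag = token.rsplit(':', 1)
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not compare(expected.encode(), tag.encode()):  # not: expected == tag
        return None
    return json.loads(base64.b64decode(payload).decode())


if __name__ == '__main__':
    # Constructed sample key and session payload for a local run.
    key = hashlib.sha256(b'constructed demo secret').digest()
    token = secure_dumps({'user': 'alice', 'role': 'editor'}, key)
    print('valid  :', secure_loads(token, key))
    forged = token[:-1] + ('0' if token[-1] != '0' else '1')
    print('forged :', secure_loads(forged, key))
    print('iv     :', new_iv().hex())
```

Verification happens on the encoded payload before any decoding or deserialisation, and a wrong key or a tampered tag both yield None rather than an exception, so the caller has one failure path to handle.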

@mdipierro mdipierro added a commit that referenced this pull request Feb 10, 2013

@mdipierro mdipierro Merge pull request #58 from mwielgoszewski/master
Cryptographic vulnerabilities: Key as IV, insecure HMAC comparison
a634c05

@mdipierro mdipierro merged commit a634c05 into web2py:master Feb 10, 2013

@matclab matclab pushed a commit to matclab/web2py that referenced this pull request Jan 12, 2016

Mathieu Clabaut Transfer object related function to a specific controller.
This closes #58
23eb38f