Carelessness versus Craftsmanship in Cryptography
3 days ago
- #AES
- #security
- #cryptography

- Two AES libraries, aes-js and pyaes, ship a default IV in their AES-CTR API; callers who accept it encrypt every message under the same key/IV pair, a bug affecting thousands of projects.
- Reusing a key/IV pair in AES-CTR or GCM mode can lead to serious security issues, including plaintext recovery and brittle encryption.
- aes-js and pyaes lack modern authenticated cipher modes such as AES-GCM and AES-GCM-SIV, leaving code built on them exposed to attacks those modes prevent.
- Both libraries are vulnerable to side-channel attacks and have not been updated since 2017-2018.
- The maintainer of aes-js dismissed a serious security concern with a casual response, highlighting carelessness.
- strongSwan's strongMan VPN Manager was found to be vulnerable due to pyaes's default IV, but the maintainer responded with a model security fix.
- The fix for strongMan included replacing pyaes with a modern library, using GCM-SIV, and adding per-entry key derivation.
- The difference between carelessness and craftsmanship lies in how developers respond to mistakes, with strongMan exemplifying the latter.