Security #39

Closed
mirzazuhaib opened this issue May 31, 2021 · 1 comment

@mirzazuhaib commented May 31, 2021
We are using the RNCryptor-objc library in our project for encryption/decryption. While running a static analyser tool to maintain best security practices in our project, we found one critical issue reported by the tool. Below is the issue:

Issue: "CBC mode is vulnerable to padding oracle attacks. CTR mode is the superior choice because it does not have these weaknesses."

As per the description of RNCryptor-objc, the library uses CBC mode.

So, I want to ask: is there a CTR mode version available for us to use? And if not, is there any possibility that you could add it to the library?

Also, there is a link in the library which says "Mode changes for RNCryptor", but the link is not working.

Please let us know if you can help here and add the required mode, which will be safer to use. Thanks!

@rnapier (Member) commented Jun 1, 2021

This is a misunderstanding of various security tradeoffs. CTR has its own significant issues due to its catastrophic failure if a Key+IV pair is ever reused. The padding oracle attack only works in cases where there is a padding oracle available, which is extremely uncommon in RNCryptor deployments. (Can you describe the padding oracle that your system currently has? We could discuss designs that mitigate it.) Note that both of these issues are extremely unlikely. In both cases, it is a matter of deciding which issue is more likely and which is worse if it occurs.

I had a similar misunderstanding about modes when I first developed RNCryptor. If you would like the original CTR-version, you can find it here: https://github.com/RNCryptor/RNCryptor/releases/tag/RNCryptor-1.1. I converted to CBC based on the direct recommendation of Apple's security team when discussing my library at WWDC. Several more years of cryptography experience have convinced me that they were correct. If you believe that in your situation my advice and Apple's advice are not ideal, feel free to use that version. Note that it is not compatible with any other implementation of RNCryptor (the earliest ports I remember are from around v2).

If you do decide to use that old version, be aware of a critical bug in all versions prior to 2.2. At line 141, you need to replace this:

password.length,  // passwordLength

with:

[password lengthOfBytesUsingEncoding:NSUTF8StringEncoding], // passwordLength

See RNCryptor/RNCryptor#77 for details.
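The "catastrophic failure if a Key+IV pair is ever reused" that rnapier mentions is easy to see in working code. The following is an added example, not code from the issue or from RNCryptor. Python's standard library has no AES, so the keystream is built as HMAC-SHA256(key, nonce || counter), a CTR-style construction over a PRF; the attack only needs the keystream to be a deterministic function of (key, nonce, counter), which is equally true of AES-CTR. Key, nonce and the two messages are constructed sample values.

```python
"""CTR nonce reuse: why a repeated Key+IV pair is catastrophic.

Added example; this is not RNCryptor code. The standard library has no AES,
so the keystream is HMAC-SHA256(key, nonce || counter), a CTR-style
construction over a PRF. The attack does not depend on the cipher: it only
needs the keystream to be a deterministic function of (key, nonce, counter).
"""
import hashlib
import hmac
import struct

# Constructed sample values; a real deployment draws key and nonce from a CSPRNG.
KEY = hashlib.sha256(b"example key material").digest()
NONCE = b"\x00" * 8
P1 = b"transfer 100 USD to account 4242"
P2 = b"transfer 999 USD to account 1337"


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, nonce || i); concatenate, then truncate."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """CTR is a stream cipher: ciphertext = plaintext XOR keystream. Decrypt is identical."""
    return xor_bytes(plaintext, ctr_keystream(key, nonce, len(plaintext)))


def crib_attack(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Attacker's view: two ciphertexts and the plaintext of the first, no key.
    If both used the same (key, nonce), c1 XOR c2 == p1 XOR p2, so p2 falls out."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def same_nonce_leak() -> bytes:
    """Encrypt P1 and P2 under the same key and nonce, then recover P2 without the key."""
    c1 = ctr_encrypt(KEY, NONCE, P1)
    c2 = ctr_encrypt(KEY, NONCE, P2)
    return crib_attack(c1, c2, P1)


def fresh_nonce_no_leak() -> bytes:
    """Same attack when the second message used a different nonce: the XOR is noise."""
    c1 = ctr_encrypt(KEY, NONCE, P1)
    c2 = ctr_encrypt(KEY, b"\x00" * 7 + b"\x01", P2)
    return crib_attack(c1, c2, P1)


if __name__ == "__main__":
    print("same nonce :", same_nonce_leak())
    print("fresh nonce:", fresh_nonce_no_leak())
```

Note what the attacker did not need: the key, the nonce, or a decryption oracle of any kind. One known plaintext (or even just a guess at a common prefix) is enough, and `c1 XOR P1` also hands over the raw keystream, which decrypts every further message sent under the same (key, nonce). A CBC padding oracle, by contrast, requires an endpoint that reveals whether padding was valid, which is why rnapier asks what oracle the reporter's system actually exposes.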

@rnapier rnapier closed this as completed Jun 1, 2021
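The passwordLength bug that rnapier warns about above can be reproduced outside Objective-C. The following is an added example, not code from the issue or from RNCryptor. It assumes, as the quoted fix implies, that the buggy build handed PBKDF2 a pointer to the password's UTF-8 bytes together with `password.length`, which on NSString is the UTF-16 code-unit count rather than the byte count. The PBKDF2 parameters (HMAC-SHA1, 10000 iterations, 32-byte output) and the salt are illustrative values, not a claim about the library's exact settings.

```python
"""The pre-2.2 passwordLength bug, reproduced with PBKDF2 in Python.

Added example; this is not RNCryptor code. Assumption: the buggy build passed
PBKDF2 the UTF-8 bytes of the password together with password.length, the
UTF-16 code-unit count. PBKDF2 parameters and salt are illustrative only.
"""
import hashlib

SALT = b"constructed-salt"  # constructed; real salts are random per message
ITERATIONS = 10000
KEY_LEN = 32


def utf16_code_unit_count(password: str) -> int:
    """What NSString.length returns: UTF-16 code units, not UTF-8 bytes."""
    return len(password.encode("utf-16-le")) // 2


def buggy_password_bytes(password: str) -> bytes:
    """Bytes PBKDF2 actually consumed under the bug.

    UTF-8 never needs fewer bytes than UTF-16 needs code units, so for any
    non-ASCII password the length is too small: the password is silently
    truncated (the buffer is never over-read)."""
    return password.encode("utf-8")[: utf16_code_unit_count(password)]


def derive_key_buggy(password: str) -> bytes:
    """Key derivation as in versions prior to 2.2 (per the assumption above)."""
    return hashlib.pbkdf2_hmac("sha1", buggy_password_bytes(password), SALT, ITERATIONS, KEY_LEN)


def derive_key_fixed(password: str) -> bytes:
    """lengthOfBytesUsingEncoding:NSUTF8StringEncoding equals len(utf-8 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), SALT, ITERATIONS, KEY_LEN)


def keys_collide_under_bug(a: str, b: str) -> bool:
    """Two distinct passwords yield the same key when their truncated UTF-8 prefixes match."""
    return derive_key_buggy(a) == derive_key_buggy(b)


if __name__ == "__main__":
    for pw in ("hunter2", "pässwörd"):
        print(pw, "buggy == fixed:", derive_key_buggy(pw) == derive_key_fixed(pw),
              "bytes used:", buggy_password_bytes(pw))
    print("pässwörd vs pässwöXX collide under bug:",
          keys_collide_under_bug("pässwörd", "pässwöXX"))
```

Two consequences follow. First, a password such as "pässwörd" is reduced to the bytes of "pässwö", so every password sharing that prefix unlocks the same data, which weakens the password far below what the user chose. Second, a fixed build derives a different key from the same non-ASCII password, so data encrypted by a pre-2.2 build with such a password will not decrypt after the fix unless the caller reproduces the truncation deliberately. ASCII passwords are unaffected, which is why the bug is easy to miss in testing.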