bfs_encrypt is unsafe #12

Open
christoph-morrison opened this issue Jan 25, 2020 · 1 comment
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

Comments

@christoph-morrison

bfs_encrypt just XORs the given password char for char with the corresponding char from the FHEM unique id (like 2a95084455f63205c3be85e728760f55). But the FHEM unique id is not a secret and is accessible to everybody on a host (644 for FHEM/FhemUtils/uniqueID, which contains the unique id also). XOR is only a sufficient encryption algorithm for one-time pads, which the unique id is most definitely not.
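The behaviour reported above, as an added Python model (not code from the issue or from the module): it follows the issue's description of a per-character XOR with the unique id and adds a check for the file permission the issue mentions. The hex output encoding, the key wrap-around for long passwords, all function names and the sample password are assumptions.

```python
import os
import stat
from itertools import cycle

UNIQUE_ID = "2a95084455f63205c3be85e728760f55"  # example id quoted in the issue


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the corresponding key byte.
    Repeating the key for longer inputs is an assumption."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def obfuscate(password: str, unique_id: str) -> str:
    # Hex encoding of the result is an assumption made for printability.
    return xor_bytes(password.encode("utf-8"), unique_id.encode("ascii")).hex()


def deobfuscate(stored: str, unique_id: str) -> str:
    # XOR is its own inverse: the same id undoes the transformation.
    return xor_bytes(bytes.fromhex(stored), unique_id.encode("ascii")).decode("utf-8")


def key_material_from_pair(stored: str, password: str) -> str:
    """stored XOR password equals the key bytes that were used, so the key
    is reused across passwords and is not protected by the stored value."""
    return xor_bytes(bytes.fromhex(stored), password.encode("utf-8")).decode("ascii")


def others_can_read(path: str) -> bool:
    """True if group or other users may read the file (as with mode 644)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    pw = "constructed-pw"  # constructed sample value
    stored = obfuscate(pw, UNIQUE_ID)
    print("stored value:     ", stored)
    print("reversed with id: ", deobfuscate(stored, UNIQUE_ID))
    print("key bytes exposed:", key_material_from_pair(stored, pw))
```

Running `others_can_read` against the unique id file on a host reports whether the key is readable beyond the FHEM user, which is the condition under which the stored password has no confidentiality.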

@florian-asche
Collaborator

Do you have some idea how to make this more safe?

florian-asche added the enhancement and help wanted labels Jan 26, 2020