Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Several code and cryptographic quality issues
See original GitHub issue- You should never, ever have a default key, a default key is as good as no key, if no secret is given, an error should be thrown.
!secretis not the correct way to check whether thesecretvariable is undefined or not, neither isalgorithm || 'aes256'. If you want to check whether the argument was passed or not, you should dosecret == null.- You should make sure
secretis either a string or a buffer. - The
encryptanddecryptfunctions will throw aTypeErrorif passednullorundefinedas any attempt to access their properties results in one. This is potentially correct behaviour, but should be documented, and the error should potentially be caught and a more descriptive error thrown. - The default cipher is
aes256, which OpenSSL aliases toAES-256-CBC, CBC mode is a bad idea, a more sane default cipher would beAES-256-CTR, as it should be supported everywhere, and does not suffer the same issues as CBC mode. Additionally, NaCl, often considered one of the most secure cryptographic libraries available, uses CTR mode for their unauthenticated secret-key encryption, authenticated encryption would be a better choice, but GCM is unsupported in Node as it requires more arguments than other modes.
Issue Analytics
- State:
- Created 8 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
CWE-310: Cryptographic Issues (4.9)
CWE CATEGORY: Cryptographic Issues ; HasMember, Base - a weakness that is still mostly independent of a resource or technology, but with ...
Read more >Why Cryptographic Systems Fail - iBeta Quality Assurance
Cryptographic main weaknesses come in two forms: weaknesses within the algorithm itself and weaknesses with their implementation. To clarify, ...
Read more >Cryptographic Key Management - the Risks and Mitigation
A single compromised key could lead to a massive data breach with the consequential reputational damage, punitive regulatory fines and loss of ...
Read more >Overcoming the Challenges of Implementing Cryptography in ...
The Challenges of Correctly Implementing Cryptography Cryptography can go wrong in a number of different ways. By making mistakes or trying to ...
Read more >CA5351: Do Not Use Broken Cryptographic Algorithms
Broken cryptographic algorithms are not considered secure and their use should be discouraged. The MD5 hash algorithm is susceptible to known ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@KoryNunn Existence checking and type checking are two separate checks (and the algorithm checking code remains wrong in your PR). I don’t see how a unit test would be relevant here - I’ve already pointed out the problem quite clearly.
If you consider it appropriate to demand practical proof of a theoretically provable problem, you really should not be writing crypto code. Any crypto-related code that is any less than 100% perfect is to be considered broken and needs-fixing, because of how hard it is to get crypto right.
Seriously, just don’t write/publish crypto code if you’re not willing to fulfill the associated effort required. Just point people at an established implementation, preferably libsodium/NaCL.
@MauriceButler and myself are well aware of how JavaScript works.
Checking that algorithm is not null or undefined will not help users that pass other non-string values.
Given that the code in the PR is functional correct, this is now a discussion on style.
If you do not think the code is functionally correct, you can show this via a unit test.