Flaws in encryption?
See original GitHub issuehttps://github.com/mbdavid/LiteDB/blob/81c4216f01686e84a51f12872331b9862407aa7e/LiteDB/Engine/Disk/Streams/AesStream.cs#L81
I believe this is using an identical IV for each run?
_aes.GenerateIV();
should generate a sufficiently random IV
As you can see a lot of duplicate entries in the DB which indicates the SALT/IV are not unique. I am worried that this implementation is susceptible to attack.
Issue Analytics
- State:
- Created 3 years ago
- Comments:7 (1 by maintainers)
Top Results From Across the Web
Six Reasons why Encryption isn't working
1. You can't encrypt systems · 2. You can't audit encryption · 3. Encryption gives you a false sense of security · 4....
Read more >6 encryption mistakes that lead to data breaches
The REAL problem with encryption: you're doing it wrong! · Mistake #1: Assuming your developers are security experts · Mistake #2: Believing that...
Read more >Cryptographic Failures Vulnerability - Examples & Prevention
A cryptographic failure is a critical web application security vulnerability that exposes sensitive application data on a weak or non-existent ...
Read more >Researchers Find Flaw in an Online Encryption Method
SAN FRANCISCO — A team of European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption ...
Read more >Top 4 Challenges When Managing Encryption Issues
1. Managing encryption keys requires more overhead · 2. Difficulty in accessing the encrypted data · 3. Key management systems can hinder ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Hi guys, thanks for this subject. Current branch 5.1 use another algorith to encryption: XTS: https://github.com/mbdavid/LiteDB/tree/v5.1/LiteDB/Utils/Xts
Current ECB still works but all new database will be created using this new algorithm
Wonderful! Thanks for the heads up.