fhem / bfs

BFS - Bundesamt für Strahlenschutz Module for FHEM [GITHUB ONLY PROJECT]
GNU General Public License v2.0

bfs_encrypt is unsafe #12

Open christoph-morrison opened 4 years ago

christoph-morrison commented 4 years ago

bfs_encrypt just XORs the given password char for char with the corresponding char from the FHEM unique id (like 2a95084455f63205c3be85e728760f55). But the FHEM unique id is not a secret and is accessible to everybody on a host (644 for FHEM/FhemUtils/uniqueID, which also contains the unique id). XOR is only a sufficient encryption algorithm for one-time pads, which the unique id is most definitely not.
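The point raised in the comment above, as an added example that is not code from the issue or from the bfs module: a Python model of the described char-for-char XOR, showing that a mode-644 id file exposes the key and that reusing the id makes it cancel out of two stored values. The wrap-around for long inputs, the one-line file layout and the sample passwords are assumptions of this sketch.

```python
import os
import stat
import tempfile

# Unique id quoted in the issue; the passwords below are constructed sample data.
UNIQUE_ID = "2a95084455f63205c3be85e728760f55"


def xor_with_id(data: bytes, unique_id: str) -> bytes:
    """Model of the described scheme: XOR byte i with char i of the id.
    Wrapping around for long inputs is an assumption of this sketch."""
    key = unique_id.encode("ascii")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def readable_by_others(path: str) -> bool:
    """True if the file mode grants read access to 'other' (e.g. 644)."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def demo() -> dict:
    # Constructed stand-in for FHEM/FhemUtils/uniqueID with mode 644.
    with tempfile.TemporaryDirectory() as tmp:
        id_path = os.path.join(tmp, "uniqueID")
        with open(id_path, "w") as fh:
            fh.write(UNIQUE_ID + "\n")
        os.chmod(id_path, 0o644)
        exposed = readable_by_others(id_path)
        with open(id_path) as fh:
            key_from_disk = fh.read().strip()

    p1, p2 = b"constructed-pw-1", b"another-sample-2"
    c1, c2 = xor_with_id(p1, UNIQUE_ID), xor_with_id(p2, UNIQUE_ID)
    return {
        "key_file_exposed": exposed,
        # The same call undoes the transformation for anyone holding the id.
        "round_trip": xor_with_id(c1, key_from_disk) == p1,
        # Key reuse: the id cancels out, so c1^c2 equals p1^p2 (not a one-time pad).
        "key_cancels": bytes(a ^ b for a, b in zip(c1, c2))
        == bytes(a ^ b for a, b in zip(p1, p2)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
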

florian-asche commented 4 years ago

Do you have any idea how to make this safer?