google / samba-documents-provider

Access network file shares directly from the Android Downloads/Files app
GNU General Public License v3.0
638 stars 125 forks

Insecure IV generation. #64

Closed Nocasis closed 4 years ago

Nocasis commented 4 years ago

Instances of java.util.Random are not cryptographically secure. Using this for cryptographic primitives is dangerous. You should use SecureRandom in this case.

Proofs:
https://docs.oracle.com/javase/7/docs/api/java/util/Random.html
https://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

import java.util.Random;
...
private static final Random RANDOM = new Random();
...
  // IV_LENGTH is defined in the elided part of the class.
  private static byte[] generateIv() {
    byte[] iv = new byte[IV_LENGTH];

    RANDOM.nextBytes(iv);

    return iv;
  }
...
Nocasis commented 4 years ago

I was wrong. Predictable IV for GCM means nothing.
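An added example, not code from this thread or from samba-documents-provider, contrasting the reported java.util.Random-based IV generation with a SecureRandom version and showing how a 12-byte GCM nonce is carried alongside the ciphertext; IvDemo, IV_LENGTH, TAG_BITS, weakIv, secureIv and encrypt are assumed names. Two facts frame the two comments above: java.util.Random output is fully determined by its seed, and AES-GCM requires that a (key, nonce) pair is never reused, because reuse breaks both confidentiality and the integrity of the authentication tag.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class IvDemo {
  private static final int IV_LENGTH = 12;  // assumed: 96-bit nonce, the GCM default in SP 800-38D
  private static final int TAG_BITS = 128;
  private static final SecureRandom SECURE = new SecureRandom();

  // As reported in the issue: java.util.Random is a 48-bit LCG, so its "IVs" are a function of the seed.
  static byte[] weakIv(Random rng) {
    byte[] iv = new byte[IV_LENGTH];
    rng.nextBytes(iv);
    return iv;
  }

  // Fix: a fresh nonce from a CSPRNG for every encryption under the same key.
  static byte[] secureIv() {
    byte[] iv = new byte[IV_LENGTH];
    SECURE.nextBytes(iv);
    return iv;
  }

  // AES-GCM with the nonce prepended, so the decrypting side can rebuild the GCMParameterSpec.
  static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
    byte[] iv = secureIv();
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
    byte[] ct = c.doFinal(plaintext);  // ciphertext followed by the 16-byte tag
    byte[] out = new byte[IV_LENGTH + ct.length];
    System.arraycopy(iv, 0, out, 0, IV_LENGTH);
    System.arraycopy(ct, 0, out, IV_LENGTH, ct.length);
    return out;
  }

  public static void main(String[] args) throws Exception {
    // Same seed, same bytes: the weak generator repeats whenever its seed repeats.
    byte[] a = weakIv(new Random(42L));
    byte[] b = weakIv(new Random(42L));
    System.out.println("seeded java.util.Random IVs equal: " + Arrays.equals(a, b));
    System.out.println("SecureRandom IVs equal:            " + Arrays.equals(secureIv(), secureIv()));
    SecretKey key = KeyGenerator.getInstance("AES").generateKey();
    byte[] blob = encrypt(key, "constructed sample plaintext".getBytes("UTF-8"));  // constructed input
    System.out.println("nonce + ciphertext + tag bytes: " + blob.length);
  }
}
```

The decrypting side reads the first IV_LENGTH bytes back into a GCMParameterSpec and passes the remainder to doFinal, which verifies the tag before returning plaintext.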