Issue opened by pix, 1 year ago (status: Open)
Hi.
Thanks for this. I'll take a look and read up on this, and will make appropriate changes.
@pix I'd be keen to dig deeper and come up with a proof-of-concept for this. Let me add some logging here and there and see if we can get to plaintext by just sniffing the traffic.
I was trying to understand the underlying crypto when I found this:
The hashed data will be the same for a given client/server pair; therefore the same key will be used with the same nonce more than once.
This StackOverflow post explains the situation: https://crypto.stackexchange.com/questions/26790/how-bad-it-is-using-the-same-iv-twice-with-aes-gcm
Generating a nonce, prepending it to the encrypted data and using this as the nonce should resolve the issue.
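The two halves of this report, the nonce-reuse failure and the prepend-a-random-nonce fix, as an added worked example. This is not code from the project or from anyone in this thread; Go is used only because its standard library ships AES-GCM. `deterministicNonce` is an assumed stand-in for the derivation the issue describes (a hash of the client/server pair), `demoKey` and the two plaintexts are constructed, and the XOR recovery shows what a passive sniffer gets from two messages sealed under the same key and nonce.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

const gcmTagSize = 16 // GCM appends a 16-byte authentication tag

// Constructed demo key (32 bytes, AES-256). Not a project value.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// deterministicNonce: ASSUMED model of the flawed derivation in the issue. The
// nonce is a hash of the peer pair, so it repeats for every message between them.
func deterministicNonce(client, server string) []byte {
	sum := sha256.Sum256([]byte(client + "|" + server))
	return sum[:12] // 96-bit GCM nonce
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWithFixedNonce reproduces the bug: the caller supplies a repeating nonce.
func sealWithFixedNonce(key, nonce, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return g.Seal(nil, nonce, plaintext, nil), nil // ciphertext || tag
}

// recoverByXOR is the sniffer's view: GCM encrypts with a CTR keystream fixed by
// (key, nonce), so c1 XOR c2 == p1 XOR p2. A known p1 yields p2 without the key.
func recoverByXOR(c1, c2, knownP1 []byte) []byte {
	n := len(knownP1)
	if m := len(c1) - gcmTagSize; m < n {
		n = m
	}
	if m := len(c2) - gcmTagSize; m < n {
		n = m
	}
	if n <= 0 {
		return nil
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = c1[i] ^ c2[i] ^ knownP1[i]
	}
	return out
}

// sealWithRandomNonce is the proposed fix: a fresh random nonce per message,
// prepended to the output so the receiver can read it back.
func sealWithRandomNonce(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(nonce)+len(plaintext)+g.Overhead())
	out = append(out, nonce...)
	return g.Seal(out, nonce, plaintext, nil), nil // nonce || ciphertext || tag
}

// openWithPrependedNonce splits the nonce off and authenticates the remainder.
func openWithPrependedNonce(key, msg []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(msg) < ns+g.Overhead() {
		return nil, errors.New("message too short")
	}
	return g.Open(nil, msg[:ns], msg[ns:], nil)
}

func main() {
	nonce := deterministicNonce("client-a", "server-b")
	p1 := []byte("balance=100;user=alice")   // constructed, assumed known to the sniffer
	p2 := []byte("balance=999;user=mallory") // constructed, the secret one
	c1, _ := sealWithFixedNonce(demoKey, nonce, p1)
	c2, _ := sealWithFixedNonce(demoKey, nonce, p2)
	fmt.Printf("recovered from sniffed traffic: %q\n", recoverByXOR(c1, c2, p1))

	m, _ := sealWithRandomNonce(demoKey, p1)
	pt, err := openWithPrependedNonce(demoKey, m)
	fmt.Printf("fixed scheme round trip: %q err=%v\n", pt, err)
}
```

Two caveats worth carrying into the fix. First, the XOR leak is only the cheaper half of the damage: the linked post also covers that two tags under one (key, nonce) expose the GHASH subkey, which lets an attacker forge messages, so "sniff only" is a lower bound on what the reuse allows. Second, a random 96-bit nonce is fine for the message volumes a client/server session sees, but the same key must not be used for on the order of 2^32 messages; rotate the key, or derive a per-session key, before that.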