peter-x
commented
10 years ago Derive the IV from the revision number and a random number.
Closed peter-x closed 10 years ago
peter-x
commented
10 years ago Derive the IV from the revision number and a random number.
peter-x
commented
10 years ago The IV is computed from the key but a random salt is also used. It can be investigated if including the revision number in the salt generation adds any security. Note that the encoded cypherstring always starts with "Salted__" (in accordance with OpenSSL) and thus all stored items have the same prefix.
By default, cryptojs seems to derive the IV from the passphrase. This is insecure and a new IV should be chosen for each string to encrypt.