simbiose / Encryption

Encryption is a simple way to encrypt and decrypt strings on Android and Java projects.
MIT License

Encrypted data is not authenticated / potential padding oracles #26

Open Vinc0682 opened 5 years ago

Vinc0682 commented 5 years ago

The encrypted data is not authenticated, thus allowing easy manipulation of the ciphertext with predictable changes to the plaintext. This is especially bad as unauthenticated AES-CBC often leads to padding oracle attacks which allow the recovery of the plaintext by an active adversary.

How to fix:

  1. Apply a secure message-authentication-code (MAC) like HMAC-SHA256 on the ciphertext and the IV. Always check the MAC BEFORE decrypting the ciphertext.

  2. Alternatively, use an AAD-Scheme like AES-GCM or ChaCha20-Poly1305.
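The encrypt-then-MAC construction from step 1, written out as an added example in plain JCE (this is not the library's code). It assumes two independent keys, `encKey` for AES-CBC and `macKey` for HMAC-SHA256, and the wire layout `IV || ciphertext || tag` is an illustrative choice; the point is that `decrypt` verifies the tag in constant time and refuses to run the cipher, and so never reaches a padding check, on anything that fails.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public final class EncryptThenMac {
    private static final String CIPHER = "AES/CBC/PKCS5Padding";
    private static final String MAC = "HmacSHA256";
    private static final int IV_LEN = 16, TAG_LEN = 32;
    // Wire format (illustrative): IV (16 bytes) || ciphertext || HMAC-SHA256(IV || ciphertext) (32 bytes).
    public static byte[] encrypt(byte[] encKey, byte[] macKey, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);               // fresh random IV per message
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        Mac mac = Mac.getInstance(MAC);
        mac.init(new SecretKeySpec(macKey, MAC));        // MAC key is independent of the AES key
        mac.update(iv);                                  // the IV is covered by the tag too
        mac.update(ct);
        return ByteBuffer.allocate(IV_LEN + ct.length + TAG_LEN).put(iv).put(ct).put(mac.doFinal()).array();
    }
    public static byte[] decrypt(byte[] encKey, byte[] macKey, byte[] blob) throws Exception {
        if (blob.length < IV_LEN + TAG_LEN) throw new SecurityException("message too short");
        int ctLen = blob.length - IV_LEN - TAG_LEN;
        Mac mac = Mac.getInstance(MAC);
        mac.init(new SecretKeySpec(macKey, MAC));
        mac.update(blob, 0, IV_LEN + ctLen);             // recompute over IV || ciphertext
        byte[] tag = Arrays.copyOfRange(blob, IV_LEN + ctLen, blob.length);
        // Constant-time compare; reject BEFORE the cipher (and its padding check) ever runs.
        if (!MessageDigest.isEqual(mac.doFinal(), tag)) throw new SecurityException("authentication failed");
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(Arrays.copyOf(blob, IV_LEN)));
        return c.doFinal(blob, IV_LEN, ctLen);
    }
    public static void main(String[] args) throws Exception {
        byte[] encKey = new byte[16], macKey = new byte[32];   // demo keys; derive real ones with a KDF
        new SecureRandom().nextBytes(encKey); new SecureRandom().nextBytes(macKey);
        byte[] blob = encrypt(encKey, macKey, "hello".getBytes(StandardCharsets.UTF_8));
        blob[IV_LEN] ^= 1;  // one flipped ciphertext bit is now detected rather than decrypted
        try { decrypt(encKey, macKey, blob); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Both failure paths throw the same exception type and carry no padding information, which is what removes the oracle; step 2's AES-GCM (`AES/GCM/NoPadding` with a `GCMParameterSpec`) gives the same guarantee with a single key and no hand-rolled tag handling.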

ademar111190 commented 4 years ago

Thank you for the information. Feel free to make a PR with the fix; otherwise I'll study the topic when possible and implement the changes.