[jboss-jira] [JBoss JIRA] (JGRP-2386) Support for encryption ciphers that require an initialization vector
Bela Ban (Jira)
issues at jboss.org
Tue Oct 1 16:40:00 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13791833#comment-13791833 ]
Bela Ban commented on JGRP-2386:
--------------------------------
Sorry for the late response, I'm just back from PTO, will look at this hopefully this week (am in BOS for the next 2 weeks)...
> Support for encryption ciphers that require an initialization vector
> --------------------------------------------------------------------
>
> Key: JGRP-2386
> URL: https://issues.jboss.org/browse/JGRP-2386
> Project: JGroups
> Issue Type: Enhancement
> Affects Versions: 4.1.5, 3.6.19
> Reporter: Nick Sawadsky
> Assignee: Bela Ban
> Priority: Minor
>
> By default, Encrypt sets sym_algorithm to "AES". As a result, the default cipher mode is used, which is ECB. ECB encrypts a given plaintext block to the same ciphertext every time, which can allow attackers to see [patterns in messages being exchanged|https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption].
> Modes like CBC, that use a random initialization vector (IV) avoid this problem (assuming a different IV is used for each message).
> It would be good to modify Encrypt to support ciphers that require an IV, such as AES/CBC/PKCS5Padding.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list