[jboss-jira] [JBoss JIRA] (JGRP-2386) Support for encryption ciphers that require an initialization vector
Nick Sawadsky (Jira)
issues at jboss.org
Mon Sep 23 17:22:00 EDT 2019
[ https://issues.jboss.org/browse/JGRP-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Sawadsky updated JGRP-2386:
--------------------------------
Description:
By default, Encrypt sets sym_algorithm to "AES". As a result, the default cipher mode is used, which is ECB. ECB encrypts a given plaintext block to the same ciphertext every time, which can give attackers insight into the [types of messages being exchanged|https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption].
Modes like CBC, that use a random initialization vector (IV) are not susceptible to this problem, except in the case where a given IV is reused with the same key.
It would be good to modify Encrypt to support ciphers that require an IV, such as AES/CBC/PKCS5Padding.
was:
By default, Encrypt sets sym_algorithm to "AES". As a result, the default cipher mode is used, which is ECB. ECB encrypts a given plaintext block to the same ciphertext every time, which can give attackers insight into the types of messages being exchanged.
Modes like CBC, that use a random initialization vector (IV) are not susceptible to this problem, except in the case where a given IV is reused with the same key.
It would be good to modify Encrypt to support ciphers that require an IV, such as AES/CBC/PKCS5Padding.
> Support for encryption ciphers that require an initialization vector
> --------------------------------------------------------------------
>
> Key: JGRP-2386
> URL: https://issues.jboss.org/browse/JGRP-2386
> Project: JGroups
> Issue Type: Enhancement
> Affects Versions: 4.1.5, 3.6.19
> Reporter: Nick Sawadsky
> Assignee: Bela Ban
> Priority: Minor
>
> By default, Encrypt sets sym_algorithm to "AES". As a result, the default cipher mode is used, which is ECB. ECB encrypts a given plaintext block to the same ciphertext every time, which can give attackers insight into the [types of messages being exchanged|https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption].
> Modes like CBC, that use a random initialization vector (IV) are not susceptible to this problem, except in the case where a given IV is reused with the same key.
> It would be good to modify Encrypt to support ciphers that require an IV, such as AES/CBC/PKCS5Padding.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list