```c
if(!EVP_EncryptInit_ex(aes_encrypt_ctx, aes_cipher, NULL, arg_aes_key, arg_aes_key)) {
```
EVP_EncryptInit_ex is being called with arg_aes_key as the IV. This is a problem as an IV must be both unique (used only once) and random when used in a CBC mode (as is the case here). This means that the IV is easily recovered and because the IV is the key, it means that attackers can recover the key and decrypt any data being transported. In short, as implemented today the crypto scheme for dynomite is completely ineffective.
References:
https://en.wikipedia.org/wiki/Initialization_vector
https://defuse.ca/blog/recovering-cbc-mode-iv-chosen-ciphertext.html
http://www.cryptofails.com/post/70059594911/cakephp-using-the-iv-as-the-key
https://nsamteladze.wordpress.com/2016/05/27/initialization-vector-iv-in-aes-cbc/
dynomite/src/dyn_crypto.c
Line 265 in f59986b