Comments (2)
I've done more research and while there are some who suggest that for authentication purposes, making the IV a secret can be helpful, the best information I see indicates that the symmetric cbc cypher is no less secure for the initialization vector being in the clear.
Of course, having the IV encrypted to the secret key doesn't normally (in current Strongbox usage) present a practical problem, it does in fact become a practical problem if we wish to use a symmetric-only encryption (using a key that's not always- available) if the private key is unavailable at the moments when the symmetric key is ready for decrypting the ciphertext.
I will provide a patch in the hopes it's acceptable.
Randy
from strongbox.
My fork has the ability to store IV's without encryption.
from strongbox.
Related Issues (20)
- Cannot visit Strongbox::Lock - error HOT 4
- dynamic :public_key and :private_key HOT 4
- "stack level too deep" With Database Migration HOT 10
- Encoding::CompatibilityError HOT 1
- Allow empty encryption field HOT 2
- Tags for Releases HOT 2
- Per-Compnay encryption settings
- Travis-CI HOT 3
- Using strongbox with NSS HOT 1
- Format validations failing HOT 1
- Ciphertexts are unauthenticated HOT 6
- Default PKCS#1 v1.5 padding leaks information
- How to avoid storing private key by re-generating it HOT 1
- Decrypt Data Offline HOT 3
- Validation before encryption? HOT 3
- string contains null byte HOT 2
- Changelog HOT 1
- OpenSSL::PKey::RSAError: padding check failed
- Validate uniqueness is possible? HOT 3
- Current state of this gem HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strongbox.