[Webkit-unassigned] [Bug 211777] SubtleCrypto.decrypt() - Decrypting with wrong AES-CBC key succeeds instead throwing an error
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue May 12 15:57:06 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=211777
--- Comment #2 from Jiewen Tan <jiewen_tan at apple.com> ---
That's the design of the AES-CBC. Decryptions are designed to fail silently. Otherwise, attackers don't even need to examine the content the decrypted message to determine if the brute force attack succeeds or not. For integration protection, either adding HMAC to your cipher or using AES-GCM.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200512/e6d8b437/attachment.htm>
More information about the webkit-unassigned
mailing list