[Webkit-unassigned] [Bug 211777] SubtleCrypto.decrypt() - Decrypting with wrong AES-CBC key succeeds instead throwing an error

bugzilla-daemon at webkit.org
Thu May 14 11:27:15 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=211777

--- Comment #7 from Jiewen Tan <jiewen_tan at apple.com> ---
(In reply to Pavel Bednar from comment #6)
> Ok, can you please explain to me why decrypt() behaves differently for
> AES-GCM? Why does this algorithm throw an error? Is it not the same vulnerability?

AES-GCM throws exceptions because of integrity, not decryption. It first checks the integrity of the cipher. If it fails, then it throws an error. Once this point is passed, it behaves more or less the same as AES-CBC.

-- 
You are receiving this mail because:
You are the assignee for the bug.
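
The behaviour discussed in this comment, as an added example that is not part of the original thread or of WebKit's code: it encrypts once per algorithm, then calls SubtleCrypto.decrypt() under many wrong keys and counts how often the promise resolves. The helper names (keyFor, wrongKeyAccepts, demo), the counter-derived keys, the fixed IVs and the plaintext are constructed for illustration.

```javascript
// Works in browsers and in Node.js; the require() fallback covers Node
// versions that do not expose a global `crypto` object.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Constructed sample input.
const plaintext = new TextEncoder().encode('constructed sample message');

// Hypothetical helper: 128-bit raw key whose first four bytes encode n.
// n = 0 is the "correct" key; every other n is a wrong key.
async function keyFor(name, n) {
  const raw = new Uint8Array(16);
  new DataView(raw.buffer).setUint32(0, n);
  return subtle.importKey('raw', raw, { name }, false, ['encrypt', 'decrypt']);
}

// Encrypt under key 0, decrypt under `tries` wrong keys, and count how many
// times decrypt() resolves instead of rejecting.
async function wrongKeyAccepts(name, tries) {
  // Fixed, constructed IV: 12 bytes for GCM, 16 bytes for CBC.
  const iv = new Uint8Array(name === 'AES-GCM' ? 12 : 16).fill(7);
  const alg = { name, iv };
  const ct = await subtle.encrypt(alg, await keyFor(name, 0), plaintext);
  let accepted = 0;
  for (let n = 1; n <= tries; n++) {
    try {
      await subtle.decrypt(alg, await keyFor(name, n), ct);
      accepted++; // resolved: unrelated bytes were returned as "plaintext"
    } catch {
      // Rejected: padding check failed (CBC) or tag check failed (GCM).
    }
  }
  return accepted;
}

// CBC only verifies PKCS#7 padding, which random bytes satisfy by chance;
// GCM verifies an authentication tag before releasing any plaintext.
async function demo() {
  const tries = 4000;
  return {
    cbc: await wrongKeyAccepts('AES-CBC', tries),
    gcm: await wrongKeyAccepts('AES-GCM', tries),
  };
}
```

On this input the CBC count is small but non-zero, since valid padding appears by chance in roughly 1 of 255 wrong-key decryptions, while the GCM count is 0.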