
List:       oss-security
Subject:    Re: [oss-security] weak use of crypto in python-elixir can lead to information disclosure (CVE and p
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2012-04-30 21:57:44
Message-ID: 20120430215744.GK13910 () redhat ! com

* [2012-04-28 13:58:15 +0200] Florian Weimer wrote:

>> CFB mode is only secure if the IV is unpredictable and different
>> for every message.
>
>There are a few additional requirements.  Without some form of message
>authentication, chosen-ciphertext attacks are still possible even with
>a random IV.

I'm no crypto expert, so I don't have a comment on this (although I did
note this message in our bug, so that those smarter than I can look at
it).

>> Because of this, and because the encryption key is shared for each
>> database table (fields and rows), the same plaintext prefix is
>> always encrypted to an identical and corresponding ciphertext
>> prefix.  As a result, an attacker with access to the database could
>> figure out the plaintext values of encrypted text.
>
>And you can group by encrypted column values in the database.  That's
>why I'm not sure if it's actually possible to address this issue in a
>satisfying manner.

So the encryption can be more fine-grained than just per-table?  You can
also do it per-column?  If that's the case, this does sound a lot uglier
to deal with.

-- 
Vincent Danen / Red Hat Security Response Team 
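The two properties argued over in this thread, that a fixed IV under a shared per-table key makes identical plaintext prefixes (and identical values, hence GROUP BY) visible in the ciphertext, and that a random IV alone does nothing against tampering because CFB has no message authentication, can be seen directly in a few lines. The following is an added example written for this page, not code from python-elixir or from either poster. It implements CFB mode itself over a stand-in keyed block function (HMAC-SHA256 truncated to one block) rather than the library's real cipher; CFB only ever uses the cipher's forward direction, so the mode's behaviour is identical. The table key, the all-zero fixed IV and the row contents are constructed for the example; the page does not say what IV python-elixir actually used.

```python
"""CFB with one key per table and one fixed IV: what leaks, and what a
random IV does and does not fix. Added example; the block function is a
stand-in keyed PRF (HMAC-SHA256), not Blowfish/AES from a real library."""
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, List, Tuple

BLOCK = 16  # block size in bytes (assumption; any size shows the same effect)


def block_function(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): HMAC-SHA256 truncated to one block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip truncates a partial block


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_k(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        cblock = _xor(plaintext[i:i + BLOCK], block_function(key, prev))
        out += cblock
        prev = cblock
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_k(C_{i-1}): block i's keystream depends only on C_{i-1}."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        cblock = ciphertext[i:i + BLOCK]
        out += _xor(cblock, block_function(key, prev))
        prev = cblock
    return bytes(out)


def common_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


# --- the weak setting: one key per table, the same IV for every row ---------
TABLE_KEY = b"constructed-per-table-key-0001"  # constructed sample key
FIXED_IV = bytes(BLOCK)                        # constant IV (assumed all-zero)


def prefix_leak(p1: bytes, p2: bytes) -> Tuple[int, int]:
    """Encrypt two rows with the shared key and fixed IV and return
    (common plaintext prefix, common ciphertext prefix). They are equal:
    the keystream for a block depends only on the previous ciphertext block,
    so the ciphertexts agree exactly up to the first differing plaintext byte."""
    c1 = cfb_encrypt(TABLE_KEY, FIXED_IV, p1)
    c2 = cfb_encrypt(TABLE_KEY, FIXED_IV, p2)
    return common_prefix_len(p1, p2), common_prefix_len(c1, c2)


def group_by_ciphertext(values: List[bytes]) -> Dict[bytes, int]:
    """What GROUP BY on the encrypted column sees: with a fixed IV, equal
    plaintexts encrypt to equal ciphertexts, so the value distribution leaks."""
    return dict(Counter(cfb_encrypt(TABLE_KEY, FIXED_IV, v) for v in values))


# --- the fix the original report asks for: a fresh random IV per row --------
def encrypt_fresh_iv(key: bytes, plaintext: bytes) -> bytes:
    """Random IV per message, stored in front of the ciphertext (iv || ct)."""
    iv = os.urandom(BLOCK)
    return iv + cfb_encrypt(key, iv, plaintext)


def decrypt_fresh_iv(key: bytes, blob: bytes) -> bytes:
    return cfb_decrypt(key, blob[:BLOCK], blob[BLOCK:])


# --- the caveat: an IV, random or not, does not stop tampering --------------
def tamper(key: bytes, iv: bytes, plaintext: bytes, index: int, mask: int) -> bytes:
    """XOR `mask` into one ciphertext byte and decrypt. CFB is malleable: the
    same bits flip in plaintext byte `index`, the following block is garbled,
    and every other byte is untouched. Nothing detects the change; that needs
    a MAC or an AEAD mode, which is the message authentication referred to above."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[index] ^= mask
    return cfb_decrypt(key, iv, bytes(ct))


if __name__ == "__main__":
    row1 = b"account=ACME;balance=1000;status=active"  # constructed rows
    row2 = b"account=ACME;balance=1000;status=frozen"
    print(prefix_leak(row1, row2))                      # (33, 33)
    print(group_by_ciphertext([b"active", b"frozen", b"active"]))
    print(tamper(TABLE_KEY, FIXED_IV, row1, 33, 0x07))  # b'...status=fctive'
```

The two constructed rows differ only at byte 33, and the fixed-IV ciphertexts also agree for exactly 33 bytes: an attacker reading the table learns which rows share an account, balance and status prefix without the key. The tamper call turns `active` into `fctive` by flipping three bits of one stored byte; with a random IV the same edit still works, only the IV bytes change per row, which is why Florian Weimer's point stands independently of the IV fix.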