Hi, while reviewing your code, I noticed that you're using a hard-coded key for AES encryption.
```python
def aes_encrypt(self, text, key):
    iv = b'0102030405060708'
    pad = 16 - len(text.encode()) % 16
    text = text + pad * chr(pad)
    # fix: https://github.com/Kr1s77/awesome-python-login-model/issues/100#issuecomment-673897848
    # error: TypeError: Object type <class 'str'> cannot be passed to C code
    encryptor = AES.new(key.encode(), AES.MODE_CBC, iv)
    msg = base64.b64encode(encryptor.encrypt(text.encode()))
    return msg
```
When using AES CBC encryption, the IV should be a random value for secure usage.
An update for this would be significantly helpful to security.
We would appreciate it if you could review the code and proceed with the update if it is deemed insecure.
Thank you.
awesome-python-login-model/NeteaseCloudMusicDownload/api.py
Lines 32 to 40 in b458a09
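An added example, not part of the original issue or the project's code: CBC with the constant IV quoted above next to CBC with a fresh random IV prepended to the ciphertext. To run with the standard library only, a stand-in 16-byte Feistel block cipher replaces AES (an assumption; the property shown belongs to CBC mode, not to the block cipher), and all function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16
FIXED_IV = b"0102030405060708"  # the constant IV from the snippet in this issue

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function built from HMAC-SHA256
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, block):
    # Stand-in 16-byte block cipher (4-round Feistel); NOT AES, demo only.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, text):
    data = text.encode()
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style padding on bytes
    data += bytes([pad]) * pad
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    out = b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return out[:-out[-1]].decode()

def encrypt_random_iv(key, text):
    # Fresh IV per message; it is not secret, so it travels with the ciphertext.
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, text)

def decrypt_random_iv(key, blob):
    return cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])
```

With the fixed IV, equal plaintexts give equal ciphertexts and a shared first block is visible to anyone comparing messages; with a random IV per message neither holds.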