Deterministic AES IV Derivation from Passphrase

High
samrocketman published GHSA-crxp-chh4-9ghp Jan 13, 2026

Package

net.gleske:jervis (Maven)

Affected versions

< 2.2

Patched versions

2.2

Description

Vulnerability

static String encryptWithAES256(String passphrase, String data, Integer hash_iterations = DEFAULT_AES_ITERATIONS) {
    // sha256Sum should always return lower case but forcing toLowerCase
    // since this is used as an input for encryption and decryption.
    String salt = sha256Sum(passphrase).toLowerCase()
    byte[] b_secret = passwordKeyDerivation(passphrase, salt)
    byte[] b_iv = salt.substring(0, 16).getBytes('UTF-8')
    Integer iterations = (hash_iterations > 0) ? hash_iterations : 1
    encodeBase64(encryptWithAES256(b_secret, b_iv, data, iterations))
}

static String decryptWithAES256(String passphrase, String data, Integer hash_iterations = DEFAULT_AES_ITERATIONS) {
    // sha256Sum should always return lower case but forcing toLowerCase
    // since this is used as an input for encryption and decryption.
    String salt = sha256Sum(passphrase).toLowerCase()
    byte[] b_secret = passwordKeyDerivation(passphrase, salt)
    byte[] b_iv = salt.substring(0, 16).getBytes('UTF-8')
    byte[] b_data = decodeBase64Bytes(data)
    Integer iterations = (hash_iterations > 0) ? hash_iterations : 1
    decryptWithAES256(b_secret, b_iv, b_data, iterations)
}

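Both the salt and the IV are derived from the SHA-256 hex digest of the passphrase, so a given passphrase always produces the same key and the same IV.

Same passphrase + same plaintext = same ciphertext (IV reuse)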

Impact

Severity is considered low for internal uses of this library, but if any consumer uses these methods directly then this is considered high.

Significant reduction in the security of the encryption scheme. Pattern analysis becomes possible.

Patches

Random IV will be generated and prepended to the ciphertext.

Upgrade to Jervis 2.2.
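
The contrast between the derived IV and the patched pattern described above, as an added example (not code from Jervis or its 2.2 patch). The class IvDemo, its method names, the AES/CBC/PKCS5Padding mode and the bare SHA-256 key are assumptions made for the demonstration; the sample passphrase and message are constructed.

```groovy
import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

class IvDemo {
    // Assumption: CBC with PKCS5 padding; the advisory does not name the mode.
    static final String MODE = 'AES/CBC/PKCS5Padding'
    static byte[] sha256(String s) {
        MessageDigest.getInstance('SHA-256').digest(s.getBytes('UTF-8'))
    }

    // Pre-2.2 pattern: IV = first 16 hex characters of sha256(passphrase).
    static byte[] derivedIv(String passphrase) {
        sha256(passphrase).encodeHex().toString().substring(0, 16).getBytes('UTF-8')
    }

    static byte[] aes(int opmode, byte[] key, byte[] iv, byte[] input) {
        Cipher c = Cipher.getInstance(MODE)
        c.init(opmode, new SecretKeySpec(key, 'AES'), new IvParameterSpec(iv))
        c.doFinal(input)
    }

    // Patched pattern: fresh random IV per message, prepended to the ciphertext.
    static byte[] encryptRandomIv(byte[] key, byte[] plaintext) {
        byte[] iv = new byte[16]
        new SecureRandom().nextBytes(iv)
        byte[] ct = aes(Cipher.ENCRYPT_MODE, key, iv, plaintext)
        java.nio.ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array()
    }
    static byte[] decryptRandomIv(byte[] key, byte[] blob) {
        byte[] iv = Arrays.copyOfRange(blob, 0, 16)
        aes(Cipher.DECRYPT_MODE, key, iv, Arrays.copyOfRange(blob, 16, blob.length))
    }

    static void main(String[] args) {
        String pass = 'constructed-passphrase'      // constructed sample input
        byte[] key = sha256(pass)                   // stand-in for passwordKeyDerivation()
        byte[] msg = 'token=abc123'.getBytes('UTF-8')
        byte[] iv = derivedIv(pass)
        // Derived IV: two encryptions of the same message are byte-identical.
        assert Arrays.equals(aes(Cipher.ENCRYPT_MODE, key, iv, msg), aes(Cipher.ENCRYPT_MODE, key, iv, msg))
        // Random IV: outputs differ, and both still decrypt to the message.
        byte[] a = encryptRandomIv(key, msg)
        byte[] b = encryptRandomIv(key, msg)
        assert !Arrays.equals(a, b)
        assert Arrays.equals(decryptRandomIv(key, a), msg) && Arrays.equals(decryptRandomIv(key, b), msg)
    }
}
```

Data encrypted with a derived IV has no IV prefix, so a reader written this way cannot decrypt it without a separate migration path.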

Workarounds

None

Severity

High

CVE ID

CVE-2025-68701

Weaknesses

No CWEs