CookieDealer.create_cookie reuses the IV for AES encryption of cookies #363

Closed
schlenk opened this issue Jun 5, 2017 · 1 comment · Fixed by #373

Collaborator

schlenk commented Jun 5, 2017

The CookieDealer class has some peculiar use of the AES IV.

It creates ONE IV when the class is initialized; this is then reused for every cookie created by the class.
Depending on the AES mode, this can be fatal for the security of the key. For AES-GCM it would totally ruin security; for CBC mode it is not as fatal, but still bad.

The Cookie dealer should probably use one fresh IV per cookie and store it in the cookie with the encrypted value.

@decentral1se
Contributor

Ah, I see! Well spotted!

decentral1se added this to the P1: MUST milestone Jun 5, 2017
schlenk pushed a commit to schlenk/pyoidc that referenced this issue Jun 7, 2017
Added per-cookie IVs to the CookieDealer's encryption handling.

This fixes CZ-NIC#363.

Also restyled the encrypt and MAC construction for cookie security to
use a more modern AEAD approach.

In this case it is AES-SIV (RFC 5297), which has the nice property of
being a bit resistant to IV reuse.
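
An added example, not pyoidc's code and not the AES-SIV fix from the commit above: it shows what a shared IV costs under AES-GCM, next to the per-cookie layout the issue asks for (fresh nonce stored in front of the ciphertext). It assumes the `cryptography` package; the function names, the sample cookie values, and binding the cookie name as associated data are illustrative choices.

```python
# Added illustration; function names are hypothetical, not pyoidc's API.
import os
from base64 import urlsafe_b64decode, urlsafe_b64encode

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN, TAG_LEN = 12, 16  # 96-bit GCM nonce, 128-bit tag


def seal_fixed_iv(key, iv, value):
    """Flawed pattern from the issue: one IV chosen once, reused per cookie."""
    return AESGCM(key).encrypt(iv, value, None)


def seal_cookie(key, value, name):
    """Fresh random nonce per cookie, stored in front of ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = AESGCM(key).encrypt(nonce, value, name)  # cookie name bound as AAD
    return urlsafe_b64encode(nonce + ct)


def open_cookie(key, token, name):
    """Return the plaintext, or None if the cookie is malformed or altered."""
    try:
        raw = urlsafe_b64decode(token)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < NONCE_LEN + TAG_LEN:
        return None
    try:
        return AESGCM(key).decrypt(raw[:NONCE_LEN], raw[NONCE_LEN:], name)
    except InvalidTag:
        return None


def reuse_leaks_xor(key):
    """Same key and IV means same keystream: c1 XOR c2 equals p1 XOR p2."""
    iv = os.urandom(NONCE_LEN)
    p1, p2 = b"uid=alice;role=user ", b"uid=bob;role=admin  "  # constructed
    c1 = seal_fixed_iv(key, iv, p1)[:-TAG_LEN]  # strip the tag
    c2 = seal_fixed_iv(key, iv, p2)[:-TAG_LEN]
    xor_c = bytes(a ^ b for a, b in zip(c1, c2))
    return xor_c == bytes(a ^ b for a, b in zip(p1, p2))
```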
schlenk pushed a commit to schlenk/pyoidc that referenced this issue Jun 8, 2017
andrewkrug pushed a commit to mozilla-iam/pyoidc that referenced this issue Jun 6, 2019