AESContext: I think the example is slightly dangerous #9226
Labels: area:class reference, enhancement
In the example it is slightly dangerous:
https://docs.godotengine.org/en/stable/classes/class_aescontext.html
the line:
var iv = "My secret iv!!!!" # IV must be of exactly 16 bytes.
The IV in reality is supposed to be changed randomly each time you send out an encrypted piece of information... this prevents certain types of attacks. The IV is sent unencrypted along with the encrypted data. So an attacker can see the IV each time, but it should be random... I guess this is irritating, but I had to make a little function:
CBC in the example is the best choice; ECB, I believe, is pretty much obsolete.
So I don't know if you can hold the user's hand, but it's just a potential security loophole if someone follows the example.
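
One way to do what this issue asks for, as an added example in Godot 4 GDScript (not the issue author's function and not the documentation's code): a fresh IV is drawn with `Crypto.generate_random_bytes` for every message and sent in front of the ciphertext. The helper names, the PKCS#7 padding and the sample key and text are assumptions of this example.

```gdscript
extends Node
# Added example: per-message random IV for AESContext in CBC mode.

const BLOCK := 16  # AES block size in bytes; the IV must be exactly this long.

# PKCS#7 padding: AESContext only accepts input that is a multiple of 16 bytes.
func _pad(data: PackedByteArray) -> PackedByteArray:
	var n := BLOCK - (data.size() % BLOCK)
	var out := data.duplicate()
	for i in n:
		out.append(n)
	return out

# Returns an empty array when the padding is malformed.
func _unpad(data: PackedByteArray) -> PackedByteArray:
	if data.is_empty() or data.size() % BLOCK != 0:
		return PackedByteArray()
	var n: int = data[data.size() - 1]
	if n < 1 or n > BLOCK:
		return PackedByteArray()
	return data.slice(0, data.size() - n)

# Returns IV || ciphertext. The IV is not secret, but it is new for each call.
func encrypt_message(key: PackedByteArray, plaintext: PackedByteArray) -> PackedByteArray:
	var iv := Crypto.new().generate_random_bytes(BLOCK)
	var aes := AESContext.new()
	aes.start(AESContext.MODE_CBC_ENCRYPT, key, iv)
	var ct := aes.update(_pad(plaintext))
	aes.finish()
	return iv + ct

# Splits the IV off the front of the message, then decrypts the remainder.
func decrypt_message(key: PackedByteArray, message: PackedByteArray) -> PackedByteArray:
	if message.size() < 2 * BLOCK or message.size() % BLOCK != 0:
		return PackedByteArray()
	var iv := message.slice(0, BLOCK)
	var aes := AESContext.new()
	aes.start(AESContext.MODE_CBC_DECRYPT, key, iv)
	var pt := aes.update(message.slice(BLOCK))
	aes.finish()
	return _unpad(pt)

func _ready() -> void:
	var key := Crypto.new().generate_random_bytes(32)  # constructed sample key (AES-256)
	var msg := "constructed sample text".to_utf8_buffer()
	var a := encrypt_message(key, msg)
	var b := encrypt_message(key, msg)
	assert(a != b)  # same key and plaintext, different IV, different ciphertext
	assert(decrypt_message(key, a) == msg)
```

A random IV gives CBC confidentiality only; where tampering matters, compute an HMAC (for instance with `HMACContext`) over the IV and ciphertext under a separate key and verify it before decrypting.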