Trail of Bits Blog
Carelessness versus craftsmanship in cryptography
Two popular AES libraries, aes-js (JavaScript) and pyaes (Python), share a design flaw: their CTR mode implementations supply a default initial counter value (the IV) when the caller does not provide one. CTR mode is a stream cipher, so two messages encrypted under the same key with the same counter value are XORed with the same keystream; XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts, from which an attacker with any known or guessable plaintext can recover the other message. Trail of Bits identified the issue and, given its widespread impact, chose to address it publicly. The article contrasts how different software developers responded to the same problem.
Both libraries are widely used, so the bug reaches a large number of JavaScript and Python projects. A default IV makes the unsafe path the easy path: a caller who simply omits the counter argument gets key/IV reuse on every message, with no warning, which turns a critical cryptographic error into the library's default behaviour. The libraries also offer no modern authenticated encryption mode such as GCM, so CTR ciphertexts are not only exposed to keystream reuse but are also malleable: flipping a bit in the ciphertext flips the corresponding plaintext bit without detection.
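The keystream-reuse failure described above, as an added worked example; this is not code from the article, from aes-js or from pyaes. It keeps the CTR structure (a 128-bit big-endian counter block, incremented per block, XORed into the message) but replaces AES with an HMAC-SHA256 block function so it runs on the Python standard library alone; the attack works identically with AES. The default counter value of 1, the function names and the sample messages are assumptions of this example.

```python
import hashlib
import hmac
import secrets

BLOCK_BYTES = 16  # AES block size; the counter block is a 128-bit big-endian integer


def _encrypt_block(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for AES-128 encryption of one block.

    HMAC-SHA256 truncated to 16 bytes replaces AES so the example needs only the
    standard library (an assumption of this example). The keystream-reuse attack
    below does not depend on which block cipher is used.
    """
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK_BYTES]


def ctr_keystream(key: bytes, initial_counter: int, length: int) -> bytes:
    """Produce `length` keystream bytes: E_k(ctr), E_k(ctr+1), ... as CTR mode does."""
    out = bytearray()
    ctr = initial_counter
    while len(out) < length:
        out += _encrypt_block(key, ctr.to_bytes(BLOCK_BYTES, "big"))
        ctr = (ctr + 1) % (1 << (8 * BLOCK_BYTES))  # wrap like a 128-bit counter
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt_with_default(key: bytes, plaintext: bytes, initial_counter: int = 1) -> bytes:
    """CTR mode with the API shape the article criticises: the counter has a default.

    The value 1 is an assumption of this example; what matters is that a default
    exists, so every caller who omits it shares one keystream. Decryption is the
    same operation (XOR with the same keystream).
    """
    return xor_bytes(plaintext, ctr_keystream(key, initial_counter, len(plaintext)))


def ctr_encrypt(key: bytes, initial_counter: int, plaintext: bytes) -> bytes:
    """Same cipher, hardened API: the caller must pass the counter; there is no default."""
    return xor_bytes(plaintext, ctr_keystream(key, initial_counter, len(plaintext)))


def fresh_initial_counter() -> int:
    """Random 128-bit starting counter so two messages under one key never share keystream."""
    return int.from_bytes(secrets.token_bytes(BLOCK_BYTES), "big")


def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Keystream-reuse attack: c1 ^ c2 == p1 ^ p2, so a known p1 reveals p2 byte for byte."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


def demo_default_counter_leaks() -> bool:
    """Two callers omit the counter; an attacker holding one plaintext reads the other."""
    key = secrets.token_bytes(16)
    # Constructed sample messages (same length, so the recovered bytes cover all of p2).
    p1 = b"GET /login HTTP/1.1\r\nAuthorization: Bearer AAAA"
    p2 = b"GET /admin HTTP/1.1\r\nAuthorization: Bearer s3cr"
    c1 = ctr_encrypt_with_default(key, p1)
    c2 = ctr_encrypt_with_default(key, p2)
    # The attacker never sees the key; p1 is a known-plaintext crib.
    return recover_with_crib(c1, c2, p1) == p2


def demo_fresh_counter_hides() -> bool:
    """With a per-message counter, c1 ^ c2 no longer equals p1 ^ p2."""
    key = secrets.token_bytes(16)
    p1 = b"GET /login HTTP/1.1\r\nAuthorization: Bearer AAAA"
    p2 = b"GET /admin HTTP/1.1\r\nAuthorization: Bearer s3cr"
    c1 = ctr_encrypt(key, fresh_initial_counter(), p1)
    c2 = ctr_encrypt(key, fresh_initial_counter(), p2)
    return recover_with_crib(c1, c2, p1) != p2
```

The hardened `ctr_encrypt` fixes only the reuse problem: a caller who omits the counter gets a `TypeError` instead of silently reusing keystream, and `fresh_initial_counter` gives each message its own starting point. It does nothing about malleability; for that the message needs an authenticated mode, which is the direction the article credits strongSwan with taking.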
The article contrasts the maintainer's dismissive response to this issue (yadda yadda yadda) with the detailed response of strongSwan's maintainer. strongSwan, another affected project, was notified privately, and its maintainer promptly fixed the vulnerability by replacing both the library and the cipher mode with more secure alternatives, which the article holds up as true craftsmanship. The strongSwan fix involved detailed changes to keep data secure going forward. The contrast between the two responses illustrates the difference between careless coding and a commitment to security. The article stresses responsible software development and the proper handling of security flaws, and argues that the field needs craftsmen rather than careless developers.