"Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API" nope.
RE: https://furry.engineer/@soatok/116092111810620052
"Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API" nope. nope nope nope
this isn't a "this is suboptimal" problem this is a "the encryption is completely pointless" problem
this is one of those cases where the API design and documentation examples make it *worse* to use this than to not encrypt your data at all, b/c it gives inexperienced users an illusion of safety where none exists
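Why a default starting counter makes CTR encryption pointless, as an added example that is not part of the original post and is not code from aes-js or pyaes. SHA-256 stands in for the AES block function so the block runs on the standard library alone; the function names, the default value `1` and the sample messages are assumptions made for the illustration.

```python
import hashlib
import os

DEFAULT_COUNTER = 1  # constructed: models a library-supplied default start value


def keystream(key: bytes, start: int, n: int) -> bytes:
    """CTR-style keystream: PRF(key, counter) for counter = start, start+1, ...
    SHA-256 is a stand-in for AES here; the reuse problem is identical."""
    out, ctr = b"", start
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(16, "big")).digest()
        ctr = (ctr + 1) % 2**128  # wrap like a 128-bit counter block
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_default(key: bytes, msg: bytes) -> bytes:
    """Weak pattern: caller never supplies a counter, so every message
    under this key is XORed with the same keystream."""
    return xor(msg, keystream(key, DEFAULT_COUNTER, len(msg)))


def encrypt_fresh(key: bytes, msg: bytes) -> bytes:
    """Corrected pattern: a fresh random 16-byte start value per message,
    sent alongside the ciphertext (it is not secret, only unique)."""
    nonce = os.urandom(16)
    start = int.from_bytes(nonce, "big")
    return nonce + xor(msg, keystream(key, start, len(msg)))


def decrypt_fresh(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return xor(body, keystream(key, int.from_bytes(nonce, "big"), len(body)))


def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the key has cancelled out: c1 XOR c2 == p1 XOR p2."""
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    key = os.urandom(32)
    p1, p2 = b"balance: 0000120 EUR", b"balance: 9999999 EUR"  # constructed
    print(keystream_reused(encrypt_default(key, p1), encrypt_default(key, p2), p1, p2))
    f1, f2 = encrypt_fresh(key, p1), encrypt_fresh(key, p2)
    print(keystream_reused(f1[16:], f2[16:], p1, p2))
```

A unique counter start fixes the keystream reuse only; CTR still provides no integrity, so an authenticated mode is the usual choice for new code.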