Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure block cipher mode #27

Open
jlovison opened this issue Jan 10, 2013 · 5 comments
Open

Insecure block cipher mode #27

jlovison opened this issue Jan 10, 2013 · 5 comments

Comments

@jlovison
Copy link
Contributor

The pycrypto library defaults to ECB mode for AES:

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29

I'm not sure why they do this, considering even their own documentation says not to use it:

https://www.dlitz.net/software/pycrypto/api/current/Crypto.Cipher.blockalgo-module.html#MODE_ECB

But, as you can see, the default call to AES.new() uses this cipher mode:

https://www.dlitz.net/software/pycrypto/api/current/Crypto.Cipher.AES-module.html#new

The major difference that would need to be made to django-fields to support a stronger and secure block cipher mode (i.e. CBC) would be the addition of a random IV that is appended to the ciphertext. (An example of proper use is documented in the pycrypto AES module page linked above.

However, this change isn't backwards compatible for data previously encrypted.

I'll take a stab at upgrading the library to keep backwards compatible defaults, but enabling a stronger block cipher mode via kwords arguments (like how cipher type is decided). Still, any data using the insecure defaults will have to be dumped prior to upgrading to CBC, and then imported again after the change.
@jlovison jlovison mentioned this issue Jan 10, 2013
Closed
@mjacksonw
Copy link
Contributor

What's the recommended way to migrate from the default to MODE_CBC?

@patrickbrown-dev
Copy link

I'm wondering the same thing as @mjacksonw.

@coagulant
Copy link

Can we decrypt ECB values upon access and store them with CBC?
Django itself does something like that when upgrading password hashes.

Or better make a migration script, since we have SECRET_KEY and we can decrypt all possible ECB values and encrypt with more secure algo at once.

Btw, there is a deprecation warning for ECB default now...

DeprecationWarning: Default usage of pycrypto's AES block type defaults has been deprecated and will be removed in 0.3.0 (default will become MODE_CBC). Please specify a secure block_type, such as CBC.

@jlovison
Copy link
Contributor Author

jlovison commented Dec 8, 2013

For migration, I would suggest dumping the data using the django management commands, and then making the change to CBC and reloading the data back in.

For hashes (which are a one-way function), Django had to wait for the user to re-input their password to re-hash, so a more convoluted and gradual conversion was a necessary evil. But in this case, dumping the data will convert it to plaintext, and reloading will convert to CBC in one giant step - there's not really a need for a more complicated migration solution.

Just make sure to backup.

@coagulant
Copy link

For migration, I would suggest dumping the data using the django management commands, and then making the change to CBC and reloading the data back in.
It's already possible with current API, am I correct?
For my project it's quite easy, since I have only one model needing upgrade.

Anyway, I suppose there is a way to make migration automatic. Introspect all models, find fields with weak encryption algo, dump 'em, change the fields to CBC, load 'em back again. Pros: seamless for users (hopefully), cons: extra maintenance costs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mjacksonw @coagulant @jlovison @patrickbrown-dev