New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refresh and simplify AES256 encryption's implementation #507

Open

oleiade opened this issue Aug 17, 2021 · 0 comments

Assignees

Labels

Projects

Milestone

Owner

oleiade commented Aug 17, 2021

While looking into a security alert raised by CodeQL: https://github.com/oleiade/trousseau/security/code-scanning/1?query=ref%3Arefs%2Fheads%2Fmaster. I noticed the AES encryption's implementation felt a bit old-style, and could be greatly simplified and refreshed.

The scope of this issue is to kill to birds with one stone by:

Addressing the potential overflow.
Replacing the implementation to use the Gallois/Counter Mode, bcrypt for the passphrase, and the now standard Seal/nonce based methods.

The text was updated successfully, but these errors were encountered:

oleiade added the feature label

oleiade added this to the 1.0.0 milestone

oleiade self-assigned this

oleiade added this to To do in Version 1.0.0 via automation

oleiade mentioned this issue

Ciphertext is too short #508

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment