[patch] Encryption scheme doesn't use proper random seed
93 views
Skip to first unread message
Stanislav Ochotnicky
Apr 18, 2012, 9:49:52 AM4/18/12
to SQLElixir, Miloslav Trmač, Stanislav Ochotnicky
Red Hat security response team discovered a vulnerability in Elixir
that can cause encrypted data to be decrypted without knowledge of
secret password. Only users using elixirt.ext.encrypted module are
affected.
It is generally caused by following code snippet:
def encrypt_value(value, secret):
return Blowfish.new(secret, Blowfish.MODE_CFB) \
.encrypt(value).encode('string_escape')
This code doesn't create proper random seed (IV argument for Blowfish)
and therefore attacker with access to both database and able to add
new data into database will be able to decrypt contents even without
knowing the password.
Unfortunately to properly fix this issue a database migration is
required as well and this change is backward incompatible since we
need to store seed (IV) in the database.
Proposed patch[1] should fix the issue. It adds new encryption
mechanism that is enabled when acts_as_encrypted is used with
"with_aes=True" parameter. It also prints out warning to stderr about
insecure Blowfish method when it's used. Note that by patch doesn't
enable new encryption by default, as that would cause current
applications to stop working. First they will need to actively migrate
their data, then start using AES.
Apart from that, we have tarball with example migration[2] that could
help with migration of current databases. Users should be able to
modify this example to properly migrate their databases. It is
possible with minimal changes to the current code, provided database
schema used fields that are big enough to contain IV seed together
with encrypted data. A second pair of eyes that would look into the
migration scripts and perhaps improve them or warn about possible
shortcomings or other problems would be appreciated.
I have also filed a bug report at http://elixir.ematia.de/trac/ticket/119
Thanks,
P.S. Please keep me and Miloslav in CC, thank you
[1] http://sochotni.fedorapeople.org/python-elixir-aes-encryption-addition.patch
[2] http://sochotni.fedorapeople.org/migration_test.tar.xz
that can cause encrypted data to be decrypted without knowledge of
secret password. Only users using elixirt.ext.encrypted module are
affected.
It is generally caused by following code snippet:
def encrypt_value(value, secret):
return Blowfish.new(secret, Blowfish.MODE_CFB) \
.encrypt(value).encode('string_escape')
This code doesn't create proper random seed (IV argument for Blowfish)
and therefore attacker with access to both database and able to add
new data into database will be able to decrypt contents even without
knowing the password.
Unfortunately to properly fix this issue a database migration is
required as well and this change is backward incompatible since we
need to store seed (IV) in the database.
Proposed patch[1] should fix the issue. It adds new encryption
mechanism that is enabled when acts_as_encrypted is used with
"with_aes=True" parameter. It also prints out warning to stderr about
insecure Blowfish method when it's used. Note that by patch doesn't
enable new encryption by default, as that would cause current
applications to stop working. First they will need to actively migrate
their data, then start using AES.
Apart from that, we have tarball with example migration[2] that could
help with migration of current databases. Users should be able to
modify this example to properly migrate their databases. It is
possible with minimal changes to the current code, provided database
schema used fields that are big enough to contain IV seed together
with encrypted data. A second pair of eyes that would look into the
migration scripts and perhaps improve them or warn about possible
shortcomings or other problems would be appreciated.
I have also filed a bug report at http://elixir.ematia.de/trac/ticket/119
Thanks,
P.S. Please keep me and Miloslav in CC, thank you
[1] http://sochotni.fedorapeople.org/python-elixir-aes-encryption-addition.patch
[2] http://sochotni.fedorapeople.org/migration_test.tar.xz
Reply all
Reply to author
Forward
0 new messages