Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update crypto-es to 2.1.0 or higher #256

Open
LeoVS09 opened this issue Jun 13, 2024 · 1 comment
Open

Update crypto-es to 2.1.0 or higher #256

LeoVS09 opened this issue Jun 13, 2024 · 1 comment

Comments

@LeoVS09
Copy link

LeoVS09 commented Jun 13, 2024

Please update crypto-es to version 2.1.0 or higher. Currently used version 1.2.2 marked by dependabot as critical vulnerability.

Additional context

Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both (1) defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005 and (2) defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. Remediation of this issue might be very difficult, as the changes required to fix this issue would change the output of this method and thus break most, if not all, current uses of this method as configured by default.

Potential Impact:

  • If used to protect passwords, the impact is high.
  • If used to generate signatures, the impact is high.

Probability / risk analysis / attack enumeration

  1. For at most $45,000, an attacker, given control of only the beginning of a crypto-js PBKDF2 input, can create a value which has identical cryptographic signature to any chosen known value.
  2. Due to the length extension attack on SHA1, we can create a value that has identical signature to any unknown value, provided it is prefixed by a known value. It does not matter if PBKDF2 applies 'salt' or 'pepper' or any other secret unknown to the attacker. It will still create an identical signature.
    crypto-js has 10,642 public users as displayed on NPM, today October 11th 2023. The number of transient dependents is likely several orders of magnitude higher.

A very rough GitHub search shows 432 files cross GitHub using PBKDF2 in crypto-js in Typescript or JavaScript, but not specifying any number of iterations.

@Silur
Copy link

Silur commented Dec 21, 2024

any news on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants