-
Notifications
You must be signed in to change notification settings - Fork 285
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Node v8.9.0 how to rewrite crypto.createCipher to crypto.createCipheriv? #949
Comments
Link-back to nodejs/node#16746 and see nodejs/node#13801. If you were using counter mode (CTR) for encryption, then your data is compromised because of the fixed IV. If you don't know what an IV is, or don't know what acceptable values for an IV are, then you should educate yourself on that subject first. This forum is not the right place for that because it's a complex and subtle subject matter. The best advice I can give you is to buy a good book on cryptography. |
Thanks this is good way you say...but i im in but hurry to publish project application.js and have no time to study cryptography...i need basic solution using crypto.createCipheriv and using as you say fixed IV so how to use fixed IV? |
I mean this in the nicest way possible but cryptography is something that, if you don't know what you're doing, you shouldn't be doing. In your particular case you could simply skip encryption altogether because AES-CTR with a fixed IV offers no security whatsoever. |
Thanks i rewrite minor changes of my above functions and use aes-128-cbc algorithm and fixed IV value and now encrypting and decrypting works....now i have another problem that i can't figure out...in previus release of node v7.1.0 i was successfully using REST API---after upgrade to Node v8.9.0 i get error 404 not found and when calling api: http://192.168.1.5:8080/api/server_status i get this: Cannot GET /api/server_status So question is if Node v8.9.0 changed some mechanism of using previus code of REST API? In previus node same REST API code works. this is my short code of using REST API and express framework: var express = require('express'), panel.use('/api', apiRoutes); apiRoutes.post('/server_status', function(req, res) { panel.listen('8080'); |
CBC is a step up but be aware it's vulnerable to padding attacks if not used properly. |
Ok i im aware....for more secure algorithm i need to study cryptography and i will do this later..for now is important that secret data is encrypted and safe... Do you have any idea what would be a problem that my REST API routes does not work? If i go back to Node v7.1.0 it works and on v8.9.0 it does not..could you make on your node server side small demo of REST API and see if it working by you? I think something changed in node v8.9.0 and REST API must be used different? |
Before Node v8.9.0 i was using this code:
This code works great in previus version...now i upgrade to Node v8.9.0 on ubuntu 14.04 and i get warnings to not to use crypto.createCipher and to use crypto.createCipheriv so could please some expirienced rewrite above code to use crypto.createCipheriv ? i read Node documnetation and i see that i need to add at the end of crypto.createCipheriv IV parameter - Initialization Vector...but i don't know how to define it what value it needs to hold and so on. Above posted code works but it needs to be rewriten to use crypto.createDecipheriv so that i can use my application.js under new Node v8,9,0.
Thanks
The text was updated successfully, but these errors were encountered: