Bug report: aes encryption bug if incoming byte >= 0x80 #210
Comments
ComingNine
changed the title
|
Maybe this is the last nail in the coffin of CryptoJS. I haven't looked completely into it yet but appears to have something to do with how CryptoJS interprets strings internally. Maybe using node-forge would work and appears to use byte arrays for input. It also supports a wide verity of crypto. The license says it can be licensed under BSD or GPLv2. |
|
@bwhitn I think you're right. We should try to move away from CryptoJS if we can. It's used in a number of places including the main encryption operations such as AES, DES etc, but also as the powerhouse behind our UTF8 support. It's time we moved on to more modern libraries and web technologies, like TextEncoder and ArrayBuffers. I'm working on a new PR which will introduce these technologies in the CyberChef core, bringing us a step closer to replacing CryptoJS entirely. Forge looks like a good alternative for the encryption ops and we should be ok on the licence front if it can be used under BSD. I looked into Forge a while ago but decided not to use it due to its size, however now that we have the module system, this is no longer an issue. |
|
Closed by #226 |
Update fr for 1.7.2 (View-switcher tooltip)
Summary
aes encryption has bug if incoming byte >= 0x80
Example
Please have a look at the link below: an incoming byte 0xff is encrypted to two bytes O_O
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
The text was updated successfully, but these errors were encountered: