Project

General

Profile

Actions

Task #2355

closed

Confidential storage cipher uses hardcoded initialization vector

Added by Petr Fišer over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Kopr
Category:
Confidential Storage
Target version:
Start date:
07/01/2020
Due date:
09/16/2020
% Done:

100%

Estimated time:
Owner:

Description

During analysis of #2214 (more info, commands and examples therein), I noticed that there is a hardcoded IV in the IdM source: https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/security/service/impl/DefaultCryptService.java#L57 .

This is a security problem, because we use the same secret key for encryption of each confidential information (aka. "message") that is put into storage. When using the same key to encrypt multiple messages, the AES-CBC mode should use unique (and random) initialization vector for each message. Such setup slightly lowers the security, but the encryption holds.

Now we are in a situation that both secret key and IV are the same. Therefore AES-CBC effectively degenerates and can be broken relatively easily, as a variant of a Book cipher. The attack still has some difficulties but it is doable.

This is analysis/design ticket. We should start producing unique IV for each message stored in the confidential storage (and even regenerate and update those IVs on message updates).


Related issues

Related to IdStory Identity Manager - Feature #2391: Add support for changing AES-256 confidential storage keysClosedOndřej Kopr07/15/2020

Actions
Related to IdStory IdM containers - Task #2214: Allow stronger ciphers - enhance Java security policy fileClosedPetr Fišer04/17/2020

Actions
Related to IdStory Identity Manager - Feature #2652: Create a task to generate new initialization vector for values in the confidential storageClosedAlena Peterová01/21/2021

Actions
Actions

Also available in: Atom PDF