Nodejs createCipher vs createCipheriv

node.js algorithm security encryption openssl
14,965

Solution 1

Is createCipher still a viable and secure way to encrypt data at rest?

Although it is of course never recommended to use deprecated API calls, it is possible to create a secure system using createCipher. For this the given "password" must be strong enough to withstand offline, and possibly parallel attacks. For this the given password must have enough entropy (must be random enough) not to be guessed. For instance, you can create ~80 bit or higher passwords using a password manager and use those.

Should a solution using createCipheriv always be preferred over createCipher?

Yes, if just because the author has already warned you and any review of your code will have to reconsider if createCipher is still viable. If the method is ever removed from the CryptoJS (unlikely, but it has been deprecated after all) then your code would not run anymore.

Still, the use of createCipheriv will be less secure than createCipher if you use a password directly as key. You should still use a correct password based key derivation function such as PBKDF2 to derive the output key material - as indicated in the updated documentation.

Any other details or recommendations appreciated.

In most cases you want to use a higher end encryption / decryption method such as the Cryptographic Message Syntax (CMS, specified in PKCS#7), PGP or similar high end protocols / container formats.

If you really need to use a cipher directly you should try and see if authenticated encryption such as offered by GCM is an option.

Solution 2

The now depreciated createCipher function didn’t allow for a unique iv which is why createCipheriv is preferred.

While deriving a key using any key derivation functionality it doesn’t assist in protecting the cipher text from dictionary attacks that an iv prevents.

Share:
14,965

Related videos on Youtube

andrsnn
Author by

andrsnn

Updated on September 14, 2022

Comments

  • andrsnn
    andrsnn over 1 year

    I am currently trying to encrypt data at rest with NodeJS, I have read in the Node API docs that createCipher is not recommended.

    The implementation of crypto.createCipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt. The lack of salt allows dictionary attacks as the same password always creates the same key. The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.

    In line with OpenSSL's recommendation to use pbkdf2 instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.pbkdf2() and to use crypto.createCipheriv() to create the Cipher object.

    Is createCipher still a viable and secure way to encrypt data at rest? Should this method be considered deprecated? Is it feasible for a well informed attacker to potentially decrypt data?

    Should a solution using createCipheriv always be preferred over createCipher?

    Any other details or recommendations appreciated.

  • andrsnn
    andrsnn about 5 years
    Seems worth mentioning if createCipher is used "in common block cipher modes (e.g. CTR), IV reuse" is a massive security issue that is "catastrophic to confidentiality". And it appears the deprecated createCipher api does not prevent use of these cipher modes. See: - github.com/nodejs/node/pull/13821#issuecomment-309900506 - crypto.stackexchange.com/questions/2991/… - github.com/nodejs/node/pull/13941
  • andrsnn
    andrsnn about 5 years
    Ah looks like IV reuse with ciphers in counter mode is now mentioned in the documentation for the method and a warning is now emitted. Users should not use ciphers with counter mode (e.g. CTR, GCM or CCM) in crypto.createCipher(). A warning is emitted when they are used in order to avoid the risk of IV reuse that causes vulnerabilities. For the case when IV is reused in GCM, see Nonce-Disrespecting Adversaries for details. nodejs.org/docs/latest-v6.x/api/…
  • alparslan mimaroğlu
    alparslan mimaroğlu over 2 years
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Openssl ECDSA : private key passphrase
OpenSSL and what encryption method to use
How do I integrate HSM encryption with JAVA?
Node.js, simple TLS client/server
Encrypt and decrypt string with c++, Openssl and aes
Opening an RSA private key from Ruby
Decrypt with the public key using openssl in commandline
Error while creating self-signed SSL certificate
How to list all openssl ciphers available in statically linked python releases?
Check if Android filesystem is encrypted