Nodejs createCipher vs createCipheriv
Solution 1
Is createCipher still a viable and secure way to encrypt data at rest?
Although it is of course never recommended to use deprecated API calls, it is possible to create a secure system using createCipher
. For this the given "password" must be strong enough to withstand offline, and possibly parallel attacks. For this the given password must have enough entropy (must be random enough) not to be guessed. For instance, you can create ~80 bit or higher passwords using a password manager and use those.
Should a solution using
createCipheriv
always be preferred overcreateCipher
?
Yes, if just because the author has already warned you and any review of your code will have to reconsider if createCipher
is still viable. If the method is ever removed from the CryptoJS (unlikely, but it has been deprecated after all) then your code would not run anymore.
Still, the use of createCipheriv
will be less secure than createCipher
if you use a password directly as key. You should still use a correct password based key derivation function such as PBKDF2 to derive the output key material - as indicated in the updated documentation.
Any other details or recommendations appreciated.
In most cases you want to use a higher end encryption / decryption method such as the Cryptographic Message Syntax (CMS, specified in PKCS#7), PGP or similar high end protocols / container formats.
If you really need to use a cipher directly you should try and see if authenticated encryption such as offered by GCM is an option.
Solution 2
The now depreciated createCipher
function didn’t allow for a unique iv
which is why createCipheriv
is preferred.
While deriving a key using any key derivation functionality it doesn’t assist in protecting the cipher text from dictionary attacks that an iv
prevents.
Related videos on Youtube
andrsnn
Updated on September 14, 2022Comments
-
andrsnn over 1 year
I am currently trying to encrypt data at rest with NodeJS, I have read in the Node API docs that
createCipher
is not recommended.The implementation of crypto.createCipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt. The lack of salt allows dictionary attacks as the same password always creates the same key. The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.
In line with OpenSSL's recommendation to use pbkdf2 instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.pbkdf2() and to use crypto.createCipheriv() to create the Cipher object.
Is
createCipher
still a viable and secure way to encrypt data at rest? Should this method be considered deprecated? Is it feasible for a well informed attacker to potentially decrypt data?Should a solution using
createCipheriv
always be preferred overcreateCipher
?Any other details or recommendations appreciated.
-
andrsnn about 5 yearsSeems worth mentioning if
createCipher
is used "in common block cipher modes (e.g. CTR), IV reuse" is a massive security issue that is "catastrophic to confidentiality". And it appears the deprecatedcreateCipher
api does not prevent use of these cipher modes. See: - github.com/nodejs/node/pull/13821#issuecomment-309900506 - crypto.stackexchange.com/questions/2991/… - github.com/nodejs/node/pull/13941 -
andrsnn about 5 yearsAh looks like IV reuse with ciphers in counter mode is now mentioned in the documentation for the method and a warning is now emitted. Users should not use ciphers with counter mode (e.g. CTR, GCM or CCM) in crypto.createCipher(). A warning is emitted when they are used in order to avoid the risk of IV reuse that causes vulnerabilities. For the case when IV is reused in GCM, see Nonce-Disrespecting Adversaries for details. nodejs.org/docs/latest-v6.x/api/…
-
alparslan mimaroğlu over 2 yearsWhile this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review