[ 
https://issues.apache.org/jira/browse/GUACAMOLE-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283803#comment-17283803
 ] 

Romain Jufer commented on GUACAMOLE-1286:
-----------------------------------------

Thanks for your reply [~grintor]. First, you're right about the IV; I meant a 
randomized IV, poor choice of words on my side, sorry. Indeed, based on known 
attacks, the probability is very low that this could be exploited. However, we do 
have security proofs for these cryptographic schemes in the case where their 
hypotheses are met. On the other hand, we are only convinced that they are 
secure in some cases because no one has been able to break them until now. 
Personally, I would always prefer mathematical proofs when it is possible, but 
as you said, I don't think that this could be exploited. In addition, I presume 
that communications are happening over TLS, which will probably preclude any 
attacks anyway :). We wanted to raise that issue just to be sure that it was 
not a mistake and to get your point of view, so again thanks for your comments.

> Support a custom IV in guacamole-auth-json
> ------------------------------------------
>
>                 Key: GUACAMOLE-1286
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1286
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-json
>            Reporter: Bojan Zelic
>            Priority: Major
>
> It would be nice to support a custom (not-null) IV in guacamole-auth-json
> We have a cryptography expert at our company that took a look at the 
> implementation here:
> [https://github.com/apache/guacamole-client/blob/master/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/CryptoService.java#L76]
> according to him:
>  * Having a null IV coupled with the cipher that Guacamole is using (CBC) is 
> far from ideal from a security perspective; even with the signature in the 
> payload it's possible to generate the same ciphertext, thus it is 
> brute-forceable.
>  * He also thinks that it could be nice to use a standard like AEAD 
> (https://en.wikipedia.org/wiki/Authenticated_encryption) in Guacamole instead 
> of using a custom implementation.
> We believe that allowing a null-IV could be problematic and allowing a 
> configurable IV would be a great short-term solution.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
