[
https://issues.apache.org/jira/browse/GUACAMOLE-1286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283834#comment-17283834
]
Chris Wheeler commented on GUACAMOLE-1286:
------------------------------------------
Thanks [~RomainJufer], I should point out that I am in no way affiliated with
the Guacamole project, I am just a guy who petitioned for guacamole-auth-json
to be relocated into the main project, and came across your ticket as a result.
I am heavily involved with cryptography and security professionally though, and
I just felt like jumping in when I saw this ticket. It's easy to accidentally
create vulnerabilities in cryptographic implementations, so I wanted to make
sure no hasty changes were being made without a lot of thought. It's true that
using a random IV would be better than what is in place now just because it
would enforce unique messages at a protocol level, but I think that
implementing a nonce on the json would be equivalent in terms of security. But
[~mjumper] is the one actually with the Guacamole project, and I would love to
hear his thoughts on the subject.
> Support a custom IV in guacamole-auth-json
> ------------------------------------------
>
> Key: GUACAMOLE-1286
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1286
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-json
> Reporter: Bojan Zelic
> Priority: Major
>
> It would be nice to support a custom (not-null) IV in guacamole-auth-json
> We have a cryptography expert at our company that took a look at the
> implementation here:
> [https://github.com/apache/guacamole-client/blob/master/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/CryptoService.java#L76]
> according to him:
> * Having a null-IV coupled with the cipher that Guacamole is using (CBC) is
> far from ideal from security perspective, even with the signature in the
> payload it's possible to generate the same cipher-text thus it is
> brute-forceable
> * He also thinks that it could be nice to use a standard like AEAD
> (https://en.wikipedia.org/wiki/Authenticated_encryption) in Guacamole instead
> of using a custom implementation.
> We believe that allowing a null-IV could be problematic and allowing a
> configurable IV would be a great short-term solution.
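To make the point raised in both the comment and the ticket concrete, the following is an added Go example (not code from the Guacamole project, whose CryptoService is Java) that encrypts two similar JSON payloads with AES-CBC under a fixed all-zero IV and under a per-message random IV, and counts how many leading ciphertext blocks the two outputs share. The key and the JSON payloads are constructed for the demonstration, and the HMAC signature the real extension adds is left out since it does not affect the observation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// encryptCBC is AES-CBC with PKCS#7 padding under an explicit IV; returns ciphertext only.
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// EncryptNullIV models the ticket's scheme: all-zero IV, so output depends only on (key, plaintext).
func EncryptNullIV(key, plaintext []byte) ([]byte, error) {
	return encryptCBC(key, make([]byte, aes.BlockSize), plaintext)
}

// EncryptRandomIV draws a fresh IV per message and returns it with the ciphertext.
func EncryptRandomIV(key, plaintext []byte) ([]byte, []byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, nil, err
	}
	ct, err := encryptCBC(key, iv, plaintext)
	return iv, ct, err
}

// SharedPrefixBlocks counts leading ciphertext blocks two messages have in common. Under a
// fixed IV that equals the number of identical leading plaintext blocks: the leak at issue.
func SharedPrefixBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}
```

Because CBC chains each block into the next, a nonce placed at the front of the JSON changes every ciphertext block just as a random IV does, whereas a nonce appended at the end leaves the shared prefix visible.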
--
This message was sent by Atlassian Jira
(v8.3.4#803005)