Posted to dev@shiro.apache.org by Benjamin Marwell <bm...@gmail.com> on 2020/01/14 14:16:55 UTC

Question about the default cipher padding

Dear devs,

Just another quick note.

I found out that the default cipher was changed to
"AES/GCM/PKCS5Padding" in 1.4.2 for security reasons. However, GCM is
a streaming algorithm and does not support Padding[1]. In this case
this algorithm name is just a synonym to "AES/GCM/NOPADDING" in most
JDKs and JREs[1].

However, some older (Adopt Open / IBM) J9 JVMs do not seem to support
this alias "AES/GCM/PKCS5Padding".

Thus, I would like to propose to add this line to
AesCipherService.java in the constructor:
setPaddingScheme( PaddingScheme.NONE.getTransformationName() );

If you agree, I can create an issue and a PR.

Best regards,
Ben

[1] https://crypto.stackexchange.com/a/42413
[2] https://stackoverflow.com/a/31249214/1549977
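
The behaviour discussed in this message can be checked on a given JVM with a small probe. This is an added example, not code from the poster or from Apache Shiro; the class name GcmPaddingProbe and the 5-byte sample plaintext are constructed for illustration. It asks the JCE for both transformation names, reports whether the running JVM accepts each one, and prints the ciphertext length so it is visible whether any padding was applied.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; not part of Apache Shiro.
public class GcmPaddingProbe {

    // Returns the ciphertext length for the given transformation name,
    // or -1 if this JVM's providers do not accept the name.
    static int probe(String transformation, SecretKey key, byte[] plaintext) {
        try {
            Cipher cipher = Cipher.getInstance(transformation);
            byte[] iv = new byte[12];            // 96-bit nonce, fresh for every encryption
            new SecureRandom().nextBytes(iv);
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            return cipher.doFinal(plaintext).length;
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException and NoSuchPaddingException both end up here.
            System.out.println(transformation + " -> rejected: " + e);
            return -1;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample input: 5 bytes, deliberately not a multiple of the AES block size.
        byte[] plaintext = "hello".getBytes(StandardCharsets.UTF_8);
        int unpadded = plaintext.length + 16;    // plaintext plus the 128-bit GCM tag

        for (String t : new String[] {"AES/GCM/NoPadding", "AES/GCM/PKCS5Padding"}) {
            int len = probe(t, key, plaintext);
            if (len >= 0) {
                // A padded block mode would first round 5 bytes up to a full 16-byte block.
                System.out.println(t + " -> accepted, ciphertext " + len
                        + " bytes (unpadded GCM output would be " + unpadded + ")");
            }
        }
    }
}
```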

Re: Question about the default cipher padding

Posted by Benjamin Marwell <bm...@gmail.com>.
Here you go:

Issue: https://issues.apache.org/jira/browse/SHIRO-736
PR: https://github.com/apache/shiro/pull/194

CLA is signed.

Maybe CC the Apache security team to review the claims made by the
people on Stack Overflow and Stack Exchange?
I can only verify that this works for JVMs which do not support the
PKCS5 padding mode on AES/GCM.

On Tue, 14 Jan 2020 at 15:26, Colm O hEigeartaigh
<co...@apache.org> wrote:
>
> Yes, that makes sense to me, please create a PR.
>
> Colm.
>

Re: Question about the default cipher padding

Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, that makes sense to me, please create a PR.

Colm.
