Closed Bug 547007 Opened 15 years ago Closed 15 years ago

Use a per-record IV instead of one for each symkey

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: Mardak, Assigned: Mardak)

References

Details

Attachments

(1 file, 1 obsolete file)

v1.1
(deleted), patch
mconnor
: review+
Details | Diff | Splinter Review
This would prevent simple comparisons of encrypted blobs to see if some blocks happen to be the same. Originally not done because it could be potentially expensive to generate an IV per record each time they're encrypted.
Depends on: 549635
Flags: blocking-weave1.2+
Target Milestone: --- → 1.2
Attached patch v1 (obsolete) (deleted) — Splinter Review
Assignee: nobody → edilee
Status: NEW → ASSIGNED
Attachment #430777 - Flags: review?(mconnor)
Depends on: 545517
Blocks: 549635
No longer depends on: 549635
Attached patch v1.1 (deleted) — Splinter Review
Attachment #430777 - Attachment is obsolete: true
Attachment #431450 - Flags: feedback?(edilee)
Attachment #430777 - Flags: review?(mconnor)
Attachment #431450 - Flags: feedback?(edilee) → review?(mconnor)
Comment on attachment 431450 [details] [diff] [review] v1.1 >+ this.IV = Svc.Crypto.generateRandomIV(); > this.ciphertext = Svc.Crypto.encrypt(JSON.stringify(this.cleartext), >- symkey, meta.bulkIV); >+ symkey, this.IV); nit: alignment (what was there before was correct) > decrypt: function CryptoWrapper_decrypt(passphrase) { > let pubkey = PubKeys.getDefaultKey(); > let privkey = PrivKeys.get(pubkey.privateKeyUri); > > let meta = CryptoMetas.get(this.encryption); > let symkey = meta.getKey(privkey, passphrase); > >- this.cleartext = JSON.parse(Svc.Crypto.decrypt(this.ciphertext, >- symkey, meta.bulkIV)); >+ this.cleartext = JSON.parse(Svc.Crypto.decrypt(this.ciphertext, symkey, >+ this.IV)); nit: align this.IV with this.ciphertext
Attachment #431450 - Flags: review?(mconnor) → review+
Whiteboard: [has patch][has review]
http://hg.mozilla.org/labs/weave/rev/f21e9a157628 Generate a random IV on every encrypt instead of taking it from the CryptoMeta. Don't bother generating a bulkIV per CryptoMeta.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: [has patch][has review]
Component: Firefox Sync: Crypto → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: