#1 2020-10-19 16:53:01

igors233
Member
Registered: 2012-09-10
Posts: 234

AES Crypto AV

Hi, I'm getting AV in TAES.DoBlocksThread, version from yesterday.
Am I doing something wrong here?

function AESEncrypt(const AContent, APass: RawByteString): RawByteString;
var
  Digest: TSHA256Digest;
begin
  SHA256Weak(APass, Digest);
  Result := BinToBase64(SynCrypto.AES(Digest, SizeOf(Digest), AContent, True));
end;

procedure TForm3.btnEncClick(Sender: TObject);
var
  Temp: RawByteString;
begin
  Temp := AESEncrypt('Lorem ipsum do', '123456');   // Works
  Temp := AESEncrypt('Lorem ipsum dolor sit amet, consectetur adipiscin', '123456'); // Fails - AV
end;

Last edited by igors233 (2020-10-19 16:54:13)

Offline

#2 2020-10-19 17:10:44

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,296
Website

Re: AES Crypto AV

Don't use this AES() function which is clearly deprecated and should not be called. It uses ECB, which is a not safe block mode.

Take a look at EncryptPKCS7/DecryptPKCS7 methods of a safe class, e.g. TAESOFB.

Online

#3 2020-10-19 20:53:03

igors233
Member
Registered: 2012-09-10
Posts: 234

Re: AES Crypto AV

Thanks, I wasn't aware of this, it would be good to mark AES procedure as unsafe
Is it OK to use, TAESOFB.SimpleEncrypt?

Offline

#4 2020-10-20 14:01:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,296
Website

Re: AES Crypto AV

It is documented as deprecated, and disabled in mORMot2 in "pure mode".

And yes, TAESOFB.SimpleEncrypt is safe.

Online

Board footer

Powered by FluxBB