AES Crypto AV

igors233 · 2020-10-19 16:53:01

Hi, I'm getting AV in TAES.DoBlocksThread, version from yesterday.
Am I doing something wrong here?

function AESEncrypt(const AContent, APass: RawByteString): RawByteString;
var
  Digest: TSHA256Digest;
begin
  SHA256Weak(APass, Digest);
  Result := BinToBase64(SynCrypto.AES(Digest, SizeOf(Digest), AContent, True));
end;

procedure TForm3.btnEncClick(Sender: TObject);
var
  Temp: RawByteString;
begin
  Temp := AESEncrypt('Lorem ipsum do', '123456');   // Works
  Temp := AESEncrypt('Lorem ipsum dolor sit amet, consectetur adipiscin', '123456'); // Fails - AV
end;

Last edited by igors233 (2020-10-19 16:54:13)

ab · 2020-10-19 17:10:44

Don't use this AES() function which is clearly deprecated and should not be called. It uses ECB, which is a not safe block mode.

Take a look at EncryptPKCS7/DecryptPKCS7 methods of a safe class, e.g. TAESOFB.

igors233 · 2020-10-19 20:53:03

Thanks, I wasn't aware of this, it would be good to mark AES procedure as unsafe
Is it OK to use, TAESOFB.SimpleEncrypt?

ab · 2020-10-20 14:01:34

It is documented as deprecated, and disabled in mORMot2 in "pure mode".

And yes, TAESOFB.SimpleEncrypt is safe.

mORMot Open Source

#1 2020-10-19 16:53:01

AES Crypto AV

#2 2020-10-19 17:10:44

Re: AES Crypto AV

#3 2020-10-19 20:53:03

Re: AES Crypto AV

#4 2020-10-20 14:01:34

Re: AES Crypto AV

Board footer