Pages: 1

#1 2020-10-19 16:53:01

igors233
Member
Registered: 2012-09-10
Posts: 234

AES Crypto AV

Hi, I'm getting AV in TAES.DoBlocksThread, version from yesterday.
Am I doing something wrong here? 

function AESEncrypt(const AContent, APass: RawByteString): RawByteString;
var
  Digest: TSHA256Digest;
begin
  SHA256Weak(APass, Digest);
  Result := BinToBase64(SynCrypto.AES(Digest, SizeOf(Digest), AContent, True));
end;

procedure TForm3.btnEncClick(Sender: TObject);
var
  Temp: RawByteString;
begin
  Temp := AESEncrypt('Lorem ipsum do', '123456');   // Works
  Temp := AESEncrypt('Lorem ipsum dolor sit amet, consectetur adipiscin', '123456'); // Fails - AV
end;

Last edited by igors233 (2020-10-19 16:54:13)

Offline

#2 2020-10-19 17:10:44

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,204
Website

Re: AES Crypto AV

Don't use this AES() function which is clearly deprecated and should not be called. It uses ECB, which is a not safe block mode.

Take a look at EncryptPKCS7/DecryptPKCS7 methods of a safe class, e.g. TAESOFB.

Offline

#3 2020-10-19 20:53:03

igors233
Member
Registered: 2012-09-10
Posts: 234

Re: AES Crypto AV

Thanks, I wasn't aware of this, it would be good to mark AES procedure as unsafe
Is it OK to use, TAESOFB.SimpleEncrypt?

Offline

#4 2020-10-20 14:01:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,204
Website

Re: AES Crypto AV

It is documented as deprecated, and disabled in mORMot2 in "pure mode".

And yes, TAESOFB.SimpleEncrypt is safe.

Offline

#5 2023-04-14 00:38:02

MichaelFedderson
Member
Registered: 2023-04-13
Posts: 2

Re: AES Crypto AV

Sorry, for replying so late. Based on the code snippet you've provided, it looks like you're using the mORMot framework to perform AES encryption on some input data. One thing you might want to double-check is the size of the input data that you're trying to encrypt. AES has a block size of 128 bits, so if your input data isn't a multiple of 128 bits in length, you may need to pad it to the correct length before encrypting it. Additionally, you might also be interested in checking https://fbs.com/trading/mobile-personal-area, a smart app that provides essential trading information on the go. And it's always helpful to have access to up-to-date market data and analysis when you're making investment decisions.

Last edited by MichaelFedderson (2023-04-15 21:40:40)

Offline

Pages: 1

Board footer

Powered by FluxBB