Skip to content

Commit

Permalink
crypto: stronger description for IV reuse
Browse files Browse the repository at this point in the history
  • Loading branch information
shigeki committed Aug 21, 2017
1 parent 9943718 commit ae7dbb1
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -1198,8 +1198,11 @@ rapidly.
In line with OpenSSL's recommendation to use pbkdf2 instead of
[`EVP_BytesToKey`][] it is recommended that developers derive a key and IV on
their own using [`crypto.pbkdf2()`][] and to use [`crypto.createCipheriv()`][]
to create the `Cipher` object. A warning is emitted when counter mode (e.g. CTR,
GCM or CCM) is used in `crypto.createCipher()` in order to avoid IV reuse.
to create the `Cipher` object. Users should not use ciphers with counter mode
(e.g. CTR, GCM or CCM) in `crypto.createCipher()`. A warning is emitted when
they are used in order to avoid the risk of IV reuse that causes
vulnerabilities. For the case when IV is reused in GCM, see [Nonce-Disrespecting
Adversaries][] for details.

### crypto.createCipheriv(algorithm, key, iv)
- `algorithm` {string}
Expand Down Expand Up @@ -2241,6 +2244,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL.
[HTML5's `keygen` element]: http://www.w3.org/TR/html5/forms.html#the-keygen-element
[NIST SP 800-131A]: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf
[NIST SP 800-132]: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
[Nonce-Disrespecting Adversaries]: https://github.com/nonce-disrespect/nonce-disrespect
[OpenSSL's SPKAC implementation]: https://www.openssl.org/docs/man1.0.2/apps/spkac.html
[RFC 2412]: https://www.rfc-editor.org/rfc/rfc2412.txt
[RFC 3526]: https://www.rfc-editor.org/rfc/rfc3526.txt
Expand Down

0 comments on commit ae7dbb1

Please sign in to comment.