Use a random IV when encrypting values
What does this MR do and why?
The IV itself can be safely transmitted in public, but it should be unpredictable to prevent certain kinds of attacks. You may use #random_iv to create a secure random IV.
https://ruby-doc.org/stdlib-2.4.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-iv-3D
Since Create new way of encrypting tokens - phase 1 -... (!58896 - merged) we derive the iv
from the hexdigest of the token. Since the tokens are random (e.g. Devise.friendly_token
), the IV is random too - that makes this MR a defense-in-depth best practice (not fixing a bugvulnerability).
We should assume that at some point we might have a part of our code base that either can encrypt the same token, or generates a colliding token, and therefore use a random IV.
Before
3.times do
token = TokenAuthenticatableStrategies::EncryptionHelper.encrypt_token(plaintext)
puts "Encrypted: #{token}"
puts "Decrypted: #{TokenAuthenticatableStrategies::EncryptionHelper.decrypt_token(token)}"
end
Encrypted: |sKGWTg2G3hwRKRp3dTVPJPjT0g==2c26b46b68ff
Decrypted: foo
Encrypted: |sKGWTg2G3hwRKRp3dTVPJPjT0g==2c26b46b68ff
Decrypted: foo
Encrypted: |sKGWTg2G3hwRKRp3dTVPJPjT0g==2c26b46b68ff
Decrypted: foo
After
Encrypted: |y8r+WmCQhfECq2oTvenracVSAg==7917cd9ff7f9
Decrypted: foo
Encrypted: |9Eup9OumJO3PTZhQRs9We1IWAA==01b611e4c3d2
Decrypted: foo
Encrypted: |7bqIrs3fI0i55cZoIFamUN5yAA==07360e19bb26
Decrypted: foo
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #412174