I am currently trying to encrypt data at rest with NodeJS, I have read in the Node API docs that createCipher
is not recommended.
The implementation of crypto.createCipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt. The lack of salt allows dictionary attacks as the same password always creates the same key. The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.
In line with OpenSSL's recommendation to use pbkdf2 instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.pbkdf2() and to use crypto.createCipheriv() to create the Cipher object.
Is createCipher
still a viable and secure way to encrypt data at rest? Should this method be considered deprecated?
Is it feasible for a well informed attacker to potentially decrypt data?
Should a solution using createCipheriv
always be preferred over createCipher
?
Any other details or recommendations appreciated.
createCipheriv() method is an inbuilt application programming interface of the crypto module which is used to create a Cipher object, with the stated algorithm, key and initialization vector (iv). Syntax: crypto.createCipheriv( algorithm, key, iv, options )
iv – Also known as the initialization vector. This parameter takes input for iv that will make the cipher uncertain and unique. It does not need to be a secret. Its possible value types are: string, buffer, TypedArray, DataView.
It includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions. crypto is built into Node. js, so it doesn't require rigorous implementation process and configurations. Unlike other modules, you don't need to install Crypto before you use it in your Node.
const encrypted = key. encrypt(data, 'base64'); res. json({ status: 200, message: "Done", data: encrypted; });
Is createCipher still a viable and secure way to encrypt data at rest?
Although it is of course never recommended to use deprecated API calls, it is possible to create a secure system using createCipher
. For this the given "password" must be strong enough to withstand offline, and possibly parallel attacks. For this the given password must have enough entropy (must be random enough) not to be guessed. For instance, you can create ~80 bit or higher passwords using a password manager and use those.
Should a solution using
createCipheriv
always be preferred overcreateCipher
?
Yes, if just because the author has already warned you and any review of your code will have to reconsider if createCipher
is still viable. If the method is ever removed from the CryptoJS (unlikely, but it has been deprecated after all) then your code would not run anymore.
Still, the use of createCipheriv
will be less secure than createCipher
if you use a password directly as key. You should still use a correct password based key derivation function such as PBKDF2 to derive the output key material - as indicated in the updated documentation.
Any other details or recommendations appreciated.
In most cases you want to use a higher end encryption / decryption method such as the Cryptographic Message Syntax (CMS, specified in PKCS#7), PGP or similar high end protocols / container formats.
If you really need to use a cipher directly you should try and see if authenticated encryption such as offered by GCM is an option.
The now depreciated createCipher
function didn’t allow for a unique iv
which is why createCipheriv
is preferred.
While deriving a key using any key derivation functionality it doesn’t assist in protecting the cipher text from dictionary attacks that an iv
prevents.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With