[Security:improvement] Improved use of cryptography
Poking different parts of the code base it would appear that the use of cryptography by LLNG needs to be reviewed, updated, and simplified. Some examples:
- Lemonldap::NG::Common::Crypto has code that uses MD5 for what looks like a key-derivation function. PBKDF2 and similar HMAC-based algorithms exist to do that.
- Data seems to be encrypted, again with the Crypto module, but not signed. Authenticated encryption should be critical if the encrypted data is ever sent to or received from an untrusted party.
- Use of non-crypto-safe RNGs, as in #1803 (closed) and #1633 (closed).
- Lastly, and worrisome: by using a low-level primitive like AES directly, it appears that some basics were forgotten. The same key appears to be used to sign multiple messages without ever setting an initialization vector, meaning that the IV in use is always zero.
Libraries such as NaCl and libsodium were created to reduce the complexity of using cryptographic functions the right way. Perhaps using one of the Perl bindings to libsodium could be a way to address these problems.
E.g. for #1803 (closed) there's randombytes_uniform. For encryption? crypto_secretbox_*. Data authentication? crypto_auth.
Marking this issue as confidential given that the IV reuse could be pretty serious. I have not tried to assess the impact in the case of LLNG. Cf. https://cwe.mitre.org/data/definitions/329.html
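As an added illustration (not LLNG code, and not from the issue author), this is what the three replacements suggested above look like through the Crypt::NaCl::Sodium binding; the module, its method names and the stringification of its returned byte buffers are assumed from that binding's documentation and should be checked against its POD, and the session and user values are constructed.

```perl
#!/usr/bin/perl
# Added example, not LLNG code: the three libsodium replacements suggested in
# the issue, through the Crypt::NaCl::Sodium binding. Module, method names and
# the BytesLocker stringification are assumed from that binding's documentation.
use strict;
use warnings;
use Crypt::NaCl::Sodium qw( :utils );   # exports random_number(), memcmp(), ...

# 1. Non-crypto RNG (#1803 / #1633) -> randombytes_uniform: an unbiased value in
#    [0, $bound) from the OS CSPRNG; libsodium does the rejection sampling.
sub pick_index { my ($bound) = @_; return random_number($bound) }

# 2. Raw AES, fixed IV, no MAC -> crypto_secretbox: a fresh random nonce per
#    message, ciphertext carries a Poly1305 tag, decrypt() croaks on tampering.
my $secretbox = Crypt::NaCl::Sodium->secretbox();
my $key       = $secretbox->keygen();          # 32 random bytes

sub seal {
    my ($plaintext) = @_;
    my $nonce = $secretbox->nonce();           # 24 random bytes, never reused
    # The nonce is not secret: ship it in front of the ciphertext.
    return "$nonce" . $secretbox->encrypt( $plaintext, $nonce, $key );
}

sub open_sealed {
    my ($blob) = @_;
    my $nlen   = $secretbox->NONCEBYTES;
    my ( $nonce, $cipher ) = ( substr( $blob, 0, $nlen ), substr( $blob, $nlen ) );
    return $secretbox->decrypt( $cipher, $nonce, $key );   # croaks: "Message forged"
}

# 3. Data that must stay intact but need not be secret -> crypto_auth (HMAC-SHA512-256)
my $auth    = Crypt::NaCl::Sodium->auth();
my $authkey = $auth->keygen();
sub tag    { my ($data) = @_;         return $auth->mac( $data, $authkey ) }
sub verify { my ( $mac, $data ) = @_; return $auth->verify( $mac, $data, $authkey ) }

# Constructed usage (sample values invented for this example)
my $blob = seal("_session_id=deadbeef");
print "decrypted: ", open_sealed($blob), "\n";

my $tampered = $blob;
substr( $tampered, -1, 1, chr( ord( substr( $blob, -1 ) ) ^ 1 ) );   # flip one bit
print eval { open_sealed($tampered); 1 } ? "accepted?!\n" : "rejected: $@";

my $mac = tag("uid=dwho");
print verify( $mac, "uid=dwho" ) ? "mac ok\n" : "mac forged\n";
print "index: ", pick_index(10), "\n";
```

The nonce must be stored or transmitted alongside each ciphertext, which is exactly what the zero-IV code path above avoids doing and why it is unsafe.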