Comment 20 for bug 1175367
Revision history for this message
| Bryan D. Payne (bdpayne) wrote Re: Memcache encryption middleware improperly implemented | #20 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
- If you would like to update the patch to include HKDF, I wouldn't object.
- This patch does use AES-128-CBC. I promise! Go check again :-) I worked with Paul on creating a padding scheme to make CBC possible here. Note the line: AES.new(key, AES.MODE_CBC, iv)
- If you have an alternate suggestion here, I'm open to it. As it is, I can't think of an attack vector with the current code.