Comment 21 for bug 1175367

Simo Sorce (simo-x) wrote : Re: Memcache encryption middleware improperly implemented

I am sorry Bryan,
apparently when I re-checked about the mode I looked at the first patch in this bug, which used MODE_CFB.
I just checked the last patch does use MODE_CBC, so all fine there.

For HKDF here is my current WIP implementation:
https://review.openstack.org/#/c/28471/
Look into openstack/common/cryptoutils.py; there is a class called HKDF, which can be very easily extracted and reused for this bug.

I do not see attack vectors with the current code either. I checked that signed/encrypted blobs could not be swapped for example, but if I understand correctly the full token is used to derive the keys so there should be no way to swap blobs and have authentication pass.
In theory there is a 1 in 2^64 chance (I think, probably lower) that 2 tokens will generate the same cache_key, but I do not see how that could be practically used in any way.