Topic: bcrypt used to encrypt mydata.bfe uses ECB (Read 2243 times)
adb014 (Newbie, Posts: 16), on: February 06, 2023, 04:06:38 PM
Looking at the Debian bug report and their solution ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700758 ) it seems that bcrypt is seriously broken. As it used Electronic Code Book for its operation mode, it encrypts the same blocks of data to the same value. An example of the problem can easily be seen on the Wikipedia page [ https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB) ]. Could bcrypt be replaced with ccrypt ( https://ccrypt.sourceforge.net ) that uses AES256 with a CFB operation mode for the stream cipher and SHA1 for the password hash?
curaga (Administrator, Hero Member, Posts: 11065), Reply #1 on: February 07, 2023, 02:35:58 AM
We mainly use bcrypt for extension submission, to work around gmail filtering. The backup encryption is not meant against nation states really, so as such a weakness in the encryption is not a big issue.
The only barriers that can stop you are the ones you create yourself.
adb014 (Newbie, Posts: 16), Reply #2 on: February 08, 2023, 11:08:14 AM
Frankly you hardly need to be a nation state to crack any block cipher that is made into a stream cipher using ECB... But ok, it's noted, "don't rely on mydata.bfe being secure".
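The property raised in the first post, that ECB encrypts equal plaintext blocks to equal ciphertext blocks while a feedback mode such as CFB does not, shown as an added example (not part of the thread, and not bcrypt's or ccrypt's code). The 8-byte Feistel cipher is a constructed stand-in for Blowfish, the cipher bcrypt uses, and the key, IV and sample data are constructed as well.

```python
import hashlib
import os
from collections import Counter

BLOCK = 8  # bytes; Blowfish, the cipher inside bcrypt, also uses 64-bit blocks

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy cipher: 4 bytes of SHA-256(key || round || half).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network. A constructed stand-in for Blowfish, NOT a real cipher.
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def split(data: bytes) -> list:
    # Input length is assumed to be a multiple of BLOCK (no padding in this example).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted on its own, so equal input gives equal output.
    return b"".join(encrypt_block(key, b) for b in split(data))

def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # CFB: each ciphertext block is fed back into the cipher to mask the next one.
    out, prev = [], iv
    for b in split(data):
        prev = bytes(x ^ y for x, y in zip(b, encrypt_block(key, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block.
    counts = Counter(split(ciphertext))
    return sum(n - 1 for n in counts.values())

# Constructed sample: 64 identical 8-byte records, like zero-filled or padded backup data.
SAMPLE = b"AAAAAAAA" * 64
KEY = b"constructed demo key"

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(KEY, SAMPLE)))
    print("CFB repeats:", repeated_blocks(cfb_encrypt(KEY, os.urandom(BLOCK), SAMPLE)))
```

`repeated_blocks` can be run over any ciphertext file's bytes: a high count on data with repetitive structure is the visible sign that the file was encrypted in ECB mode.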