Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

perf(encryption): update encryption method to AES-GCM #424

Merged
merged 2 commits into from
Oct 18, 2024

Conversation

Robert27
Copy link
Member

@Robert27 Robert27 commented Oct 18, 2024

During debugging I noticed the safari warning:
AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like AES-GCM to protect against chosen-ciphertext attacks.

After some research, I discovered that AES-GCM is widely recommended for its built-in authentication mechanism, which helps protect against chosen-ciphertext attacks. This pull request updates our encryption method from AES-CBC/AES-CTR to AES-GCM to address this vulnerability and ensure better security.

@Robert27 Robert27 self-assigned this Oct 18, 2024
@Robert27 Robert27 requested a review from BuildmodeOne October 18, 2024 08:17
@Robert27 Robert27 merged commit 9b26cac into neuland-ingolstadt:develop Oct 18, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants