fix(wallet): set Argon2 derived bytes for AES IV #1703
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1703 +/- ##
==========================================
+ Coverage 75.07% 76.18% +1.10%
==========================================
Files 234 242 +8
Lines 12156 18668 +6512
==========================================
+ Hits 9126 14222 +5096
- Misses 2582 3983 +1401
- Partials 448 463 +15 🚀 New features to boost your workflow:
|
b00f
changed the title
b00f
changed the title
Ja7ad
requested changes
Mar 10, 2025
| defaultIterations = 3 | ||
| defaultMemory = 65536 // 2 ^ 16 | ||
| defaultParallelism = 4 | ||
| defaultKeyLen = 48 |
There was a problem hiding this comment.
I can't find recommended value for KeyLen and what is it keylen?
There was a problem hiding this comment.
Check above explanation
Ja7ad
approved these changes
Mar 11, 2025
Ja7ad
approved these changes
Mar 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR updates the encryption logic to use Argon2-derived bytes for the Initialization Vector (IV) in AES, replacing the legacy approach of reusing the salt as the IV.
Explanation:
In the legacy or previous approach, we used the same salt in the Password Hasher (Argon2 in this case) as the Initialization Vector (IV) for the AES encryption algorithm. The seed is random and should not be an issue, but some documentation recommends never reusing a seed, even for different purposes.
To address this, we propose extending the key length from 32 bytes to 48 bytes, using the first 32 bytes as the encryption key and the remaining 16 bytes as the IV.
In OpenSSL, the salt is public. I found this code.
The encrypted files usually start with
Salted__.Based on this documentation, the IV is derived from the password in OpenSSL. Check the
-ivsection:We follow the same approach in this PR. Here I found the code that generates IV in OpenSSL.