Taking a quick look at the source code, it seems that both attr_encryptor and activesupport use the same underlying encryption techniques, but activesupport goes one step further with its encrypt_and_sign and decrypt_and_verify methods. These apparently mitigate padding attacks. The plain encrypt/decrypt methods are deprecated because of this vulnerability.
Does attr_encryptor already mitigate this attack?
Is attr_encryptor vulnerable to the same padding attacks that are mentioned in ActiveSupport::MessageEncryptor?
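The distinction the question turns on, as an added example (not code from attr_encryptor or ActiveSupport): an encrypt-then-MAC construction using Ruby's standard OpenSSL bindings, next to plain CBC, showing that a modified token is rejected by the HMAC check before any padding is processed. The method names mirror ActiveSupport's for readability only; the key handling, token layout and the `outcome` and `tamper` helpers are assumptions of this sketch.

```ruby
require "openssl"
# Added illustration; not attr_encryptor or ActiveSupport source. Demo keys are random per run.
ENC_KEY = OpenSSL::Random.random_bytes(32)
MAC_KEY = OpenSSL::Random.random_bytes(32)
class InvalidSignature < StandardError; end

def cbc(mode, iv, data)
  c = OpenSSL::Cipher.new("aes-256-cbc")
  mode == :encrypt ? c.encrypt : c.decrypt
  c.key = ENC_KEY
  c.iv = iv
  c.update(data) + c.final # final raises CipherError on bad padding
end
# Unauthenticated CBC: token is IV || ciphertext.
def plain_encrypt(msg)
  iv = OpenSSL::Random.random_bytes(16)
  iv + cbc(:encrypt, iv, msg)
end
def plain_decrypt(token)
  cbc(:decrypt, token[0, 16], token[16..-1])
end

# Constant-time comparison so the tag check itself does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end
# Encrypt-then-MAC: IV || ciphertext || HMAC-SHA256(IV || ciphertext).
def encrypt_and_sign(msg)
  body = plain_encrypt(msg)
  body + OpenSSL::HMAC.digest("SHA256", MAC_KEY, body)
end
def decrypt_and_verify(token)
  raise InvalidSignature if token.bytesize < 64 # IV + one block + tag
  body, tag = token[0...-32], token[-32, 32]
  expected = OpenSSL::HMAC.digest("SHA256", MAC_KEY, body)
  raise InvalidSignature unless secure_compare(expected, tag)
  plain_decrypt(body) # reached only when the tag matches
end

# What a caller can observe for a token: :ok or the error class raised.
def outcome(token, decryptor)
  send(decryptor, token)
  :ok
rescue OpenSSL::Cipher::CipherError, InvalidSignature => e
  e.class
end
def tamper(token) # constructed modification: flip one bit in the IV
  token.dup.tap { |t| t.setbyte(15, t.getbyte(15) ^ 1) }
end
```

With plain CBC the modified token surfaces as a padding error from the cipher, which is the distinguishable signal padding attacks rely on; with the signed token every modification yields the same `InvalidSignature` and the cipher is never invoked.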