Skip to content

Static IV Usage in AES Encryption #5

New issue
New issue
Open
Open
Static IV Usage in AES Encryption#5
@spblue4422

Description

@spblue4422
spblue4422
opened on Apr 9, 2025

Hi, I've noticed that the AES encryption implementation in this repository uses a fixed IV value (e.g., 16 * b'\x00').
Using a static IV in modes like CBC can lead to serious security vulnerabilities, as it allows attackers to detect patterns in encrypted data and potentially decrypt or manipulate it.
According to cryptographic best practices, IVs should be randomly generated for each encryption operation to ensure confidentiality and prevent attacks.

Would it be possible to update this in future releases by replacing the static IV with a secure, randomly generated IV?
The line that I noticed is as follows.

Venoma/aes.py

Lines 14 to 15 in c638d36

iv = 16 * b'\x00'
cipher = AES.new(hashlib.sha256(KEY).digest(), AES.MODE_CBC, iv)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions