Headline
CVE-2023-46133: v2.1.0 · entronad/crypto-es@d506677
CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a ‘strength’ or ‘difficulty’ value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.
Expand Up @@ -4,72 +4,72 @@ import C from '…/lib/index.js’; describe('pbkdf2’, () => { it('keySize 128’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 128 / 32 }).toString()) .toBe(‘cdedb5281bb2f801565a1122b2563515’); .toBe(‘62929ab995a1111c75c37bc562261ea3’); });
it('keySize 256’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 256 / 32 }).toString()) .toBe(‘cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837’); .toBe(‘62929ab995a1111c75c37bc562261ea3fb3cdc7e725c4ca87c03cec5bb7663e1’); });
it('keySize 128 iterations 2’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 128 / 32, iterations: 2 }).toString()) .toBe(‘01dbee7f4a9e243e988b62c73cda935d’); .toBe(‘262fb72ea65b44ab5ceba7f8c8bfa781’); });
it('keySize 256 iterations 2’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 256 / 32, iterations: 2 }).toString()) .toBe(‘01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86’); .toBe(‘262fb72ea65b44ab5ceba7f8c8bfa7815ff9939204eb7357a59a75877d745777’); });
it('keySize 128 iterations 1200’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 128 / 32, iterations: 1200 }).toString()) .toBe(‘5c08eb61fdf71e4e4ec3cf6ba1f5512b’); .toBe(‘c76a982415f1acc71dc197273c5b6ada’); });
it('keySize 256 iterations 1200’, () => { expect(C.PBKDF2('password’, 'ATHENA.MIT.EDUraeburn’, { keySize: 256 / 32, iterations: 1200 }).toString()) .toBe(‘5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13’); .toBe(‘c76a982415f1acc71dc197273c5b6ada32f62915ed461718aad32843762433fa’); });
it('keySize 128 iterations 5’, () => { expect(C.PBKDF2('password’, C.enc.Hex.parse(‘1234567878563412’), { keySize: 128 / 32, iterations: 5 }).toString()) .toBe(‘d1daa78615f287e6a1c8b120d7062a49’); .toBe(‘74e98b2e9eeddaab3113c1efc6d82b07’); });
it('keySize 256 iterations 5’, () => { expect(C.PBKDF2('password’, C.enc.Hex.parse(‘1234567878563412’), { keySize: 256 / 32, iterations: 5 }).toString()) .toBe(‘d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee’); .toBe(‘74e98b2e9eeddaab3113c1efc6d82b073c4860195b3e0737fa21a4778f376321’); });
it('keySize 128 iterations 1200 pass phrase equals block size’, () => { expect(C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX’, 'pass phrase equals block size’, { keySize: 128 / 32, iterations: 1200 }).toString()) .toBe(‘139c30c0966bc32ba55fdbf212530ac9’); .toBe(‘c1dfb29a4d2f2fb67c6f78d074d66367’); });
it('keySize 256 iterations 1200 pass phrase equals block size’, () => { expect(C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX’, 'pass phrase equals block size’, { keySize: 256 / 32, iterations: 1200 }).toString()) .toBe(‘139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1’); .toBe(‘c1dfb29a4d2f2fb67c6f78d074d663671e6fd4da1e598572b1fecf256cb7cf61’); });
it('keySize 128 iterations 1200 pass phrase exceeds block size’, () => { expect(C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX’, 'pass phrase exceeds block size’, { keySize: 128 / 32, iterations: 1200 }).toString()) .toBe(‘9ccad6d468770cd51b10e6a68721be61’); .toBe(‘22344bc4b6e32675a8090f3ea80be01d’); });
it('keySize 256 iterations 1200 pass phrase exceeds block size’, () => { expect(C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX’, 'pass phrase exceeds block size’, { keySize: 256 / 32, iterations: 1200 }).toString()) .toBe(‘9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a’); .toBe(‘22344bc4b6e32675a8090f3ea80be01d5f95126a2cddc3facc4a5e6dca04ec58’); });
it('keySize 128 iterations 50’, () => { expect(C.PBKDF2(C.enc.Hex.parse(‘f09d849e’), 'EXAMPLE.COMpianist’, { keySize: 128 / 32, iterations: 50 }).toString()) .toBe(‘6b9cf26d45455a43a5b8bb276a403b39’); .toBe(‘44b0781253db3141ac4174af29325818’); });
it('keySize 256 iterations 50’, () => { expect(C.PBKDF2(C.enc.Hex.parse(‘f09d849e’), 'EXAMPLE.COMpianist’, { keySize: 256 / 32, iterations: 50 }).toString()) .toBe(‘6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52’); .toBe(‘44b0781253db3141ac4174af29325818584698d507a79f9879033dec308a2b77’); });
it('input integrity’, () => { Expand Down
Related news
Maintainer: please click 'request CVE' when accepting this report so that upstream fixes of this vulnerability can be tracked. **Thank you for your hard work maintaining this package.** ### Impact #### Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and [at least 1,300,000 times weaker than current industry standard][OWASP PBKDF2 Cheatsheet]. This is because it both (1) defaults to [SHA1][SHA1 wiki], a cryptographic hash algorithm considered insecure [since at least 2005][Cryptanalysis of SHA-1] and (2) defaults to [one single iteration][one iteration src], a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to [preimage][preimage attack] and [collision][collision attack] attacks. Remediation of this issue might be very difficult, as the changes required to fix this issue would change the output of this method and thus break most, if not all, current uses of this method as ...