Commits

Kaspar Schiess  committed 97bdd11

Use a random IV for every message

  • Participants
  • Parent commits bac4b7d

Comments (0)

Files changed (1)

File lib/event_shipper/transport/encrypt.rb

     def enc str
       cipher = OpenSSL::Cipher::AES256.new(:CBC)
       cipher.encrypt
-      # cipher.random_iv
+      iv = cipher.random_iv
       cipher.key = @key
 
       ciphertext = cipher.update(str) + cipher.final
 
-      "Salted__#{@salt}#{ciphertext}" #OpenSSL compatible
+      "#@salt#{iv}#{ciphertext}"
     end
     def dec str
-      salt = str[8..15]
-      str = str[16..-1]
-
+      salt = str[0,8]
+      iv   = str[8,16]
+      str  = str[24..-1]
+      
       cipher = OpenSSL::Cipher::AES256.new(:CBC)
       cipher.decrypt
-      # cipher.random_iv
+      cipher.iv = iv
       cipher.key = generate_key(@password, salt)
 
       cipher.update(str) + cipher.final
 
   dec = EventShipper::Transport::Encryption.new 'password'
   puts dec.dec(str)
+  exit
 
   require 'benchmark'
   puts "Doing it a 1000 times"