OC\Security\SecureRandom::generate
OC\Security\SecureRandom::generate will by default use the a-Z0-9+/ (64 bytes) character set. The numbers are not predictable, due to the use of random_int.
Most notably, the OC\Security\Crypto::encrypt method uses an IV with a length of 16 bytes. It is chosen randomly via OC\Security\SecureRandom::generate with the default character set. There are 256 possible byte values, but in this case only 64 of them are used. The number of permutations is 64^16 (instead of 256^16), which equates to a 12-byte, or 96-bit, IV (instead of the expected 16-byte, or 128-bit, IV). Use raw bytes when doing cryptographic operations, via random_bytes.
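The gap between the two IV sources, as an added example (not Nextcloud's code): charsetIv is a constructed stand-in for the pick-a-character-with-random_int pattern described above, and the order of characters in CHARSET is an assumption.

```php
<?php
declare(strict_types=1);

// Assumed 64-character set (a-z, A-Z, 0-9, +, /); the order is illustrative.
const CHARSET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/';

// Constructed stand-in for the reported pattern: every IV byte is a
// character picked from CHARSET with random_int.
function charsetIv(int $length): string
{
    $iv = '';
    for ($i = 0; $i < $length; $i++) {
        // The secret random value is used as a string index here.
        $iv .= CHARSET[random_int(0, strlen(CHARSET) - 1)];
    }
    return $iv;
}

// Corrected form: raw CSPRNG output, all 256 byte values possible.
function rawIv(int $length): string
{
    return random_bytes($length);
}

// Entropy in bits of $length symbols drawn uniformly from $alphabetSize values.
function entropyBits(int $alphabetSize, int $length): float
{
    return $length * log($alphabetSize, 2);
}

// Empirical check: how many distinct byte values appear across many IVs?
function distinctByteValues(callable $generator, int $samples): int
{
    $seen = [];
    for ($i = 0; $i < $samples; $i++) {
        foreach (str_split($generator(16)) as $byte) {
            $seen[ord($byte)] = true;
        }
    }
    return count($seen);
}

foreach (['charsetIv' => 64, 'rawIv' => 256] as $name => $alphabet) {
    $bits = entropyBits($alphabet, 16);
    printf(
        "%-9s %3d distinct byte values, %3.0f-bit IV, repeat expected near 2^%.0f IVs\n",
        $name, distinctByteValues($name, 2000), $bits, $bits / 2
    );
}
```

The last column is the birthday bound: with a 96-bit IV space a repeated IV becomes likely after roughly 2^48 encryptions, against 2^64 for a full 128-bit IV.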
Do not use OC\Security\Crypto::generate for cryptographic keys.
It is potentially vulnerable to cache-timing attacks because the secret number is used as an index to look up a byte value in a string. Read more about cache-timing attacks here.
Reduced permutations increase the chances of IV re-use (which can destroy confidentiality), and bring encryption key strength down (chances are still too low with a 256-bit encryption key).
If the complex cache-timing attack vector exists and is abused, it is possible to determine secret values generated with OC\Security\SecureRandom::generate.