Check for encryption method and fail if unsupported in replay #448
Comments
Does this part add anything in this context that I am unable to understand? |
|
@ibnesayeed Pycrypto allowed us to specify variable length key and target string. The implementation in Pycryptodome requires equal length strings. I have yet to look into the (assumed) padding method that Pycrypto was using. This information is needed to ensure a consistent interpretation from Pycryptodome if records were previously created with the ipwb indexer using (XOR, the only method available then) encryption. |
|
The point of this ticket is to check for the method used for encryption and only attempt to decrypt if the method is known (which for now is AES). This ticket has nothing to do with providing a guarantee that previously supported XOR method continues to work. |
Uh oh!
There was an error while loading. Please reload this page.
In #445 @ibnesayeed said:
When we used XOR for encryption prior to this PR, we checked the CDXJ for the respective key and assigned the Cipher class to be instantiated. This check was removed with the move to AES.
We should have conditional checks for different encryption types supported, used, and expected in the CDXJ. A base case can be found in the sample CDXJ files that specify XOR. Despite this specification, the current version of ipwb will use AES, which will cause gibberish to be display.
We can no longer support what we originally expected from XOR-based records, as the assumptions from pycrypto (variable length key/value) are not maintained in pycryptodome.
The text was updated successfully, but these errors were encountered: