[SECURITY] Insecure AES-GCM nonce usage in website_handlers #19

Open
opened 2026-02-14 21:24:45 +00:00 by thabeta · 0 comments
Owner

The `decrypt_block` function in `src/server/website_handlers.rs` uses the encryption key as the nonce for AES-GCM decryption.

```rust
let nonce = Nonce::from_slice(&block.key[..12]);
```

**Risk:** Reusing the key (or even a subset of it) as a nonce is a major cryptographic failing in AES-GCM. It can lead to the "Forbidden Attack," allowing an attacker to recover the authentication key or decrypt other blocks if the same key/nonce pair is used more than once.

**Fix:** Ensure the `meta::Block` structure stores a unique, randomly generated nonce alongside the key and block ID.
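The fix the issue asks for, as an added example that is not the project's code: Go's standard-library AES-GCM stands in for the Rust `aes-gcm` usage so the block runs without external crates. The `Block` struct, its field names, `SealBlock`/`OpenBlock` and the `AuditNonces` migration check are all assumptions constructed for this illustration; `insecureNonce` reproduces the `block.key[..12]` derivation only so the audit has legacy blocks to flag.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceSize = 12 // 96-bit GCM nonce

// Block is a constructed stand-in for the issue's meta::Block: the per-block key,
// the nonce this block was sealed with (stored next to the key, as the fix
// requires), and the AES-GCM ciphertext with its tag appended.
type Block struct {
	ID         uint64
	Key        []byte
	Nonce      []byte
	Ciphertext []byte
}

// insecureNonce mirrors the flawed derivation from the issue (block.key[..12]):
// a pure function of the key, so every block under that key reuses the pair.
func insecureNonce(key []byte) []byte {
	return key[:nonceSize]
}

// freshNonce is the fix: 96 random bits from the OS CSPRNG, drawn per seal.
func freshNonce() ([]byte, error) {
	n := make([]byte, nonceSize)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	return n, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	c, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(c)
}

// sealWithNonce is the shared encryption path; the caller supplies the nonce.
func sealWithNonce(id uint64, key, nonce, plaintext []byte) (*Block, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, nil)
	return &Block{ID: id, Key: key, Nonce: nonce, Ciphertext: ct}, nil
}

// SealBlock is the corrected API: a fresh random nonce per block, recorded in
// the block so OpenBlock can find it.
func SealBlock(id uint64, key, plaintext []byte) (*Block, error) {
	nonce, err := freshNonce()
	if err != nil {
		return nil, err
	}
	return sealWithNonce(id, key, nonce, plaintext)
}

// OpenBlock decrypts with the stored nonce; a modified ciphertext or tag fails.
func OpenBlock(b *Block) ([]byte, error) {
	aead, err := newGCM(b.Key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, b.Nonce, b.Ciphertext, nil)
}

// AuditNonces lists blocks that need re-sealing during a migration: any whose
// nonce is the key prefix, and any that repeats a key/nonce pair already seen.
func AuditNonces(blocks []*Block) []uint64 {
	seen := make(map[string]bool)
	var flagged []uint64
	for _, b := range blocks {
		pair := string(b.Key) + "|" + string(b.Nonce)
		if bytes.Equal(b.Nonce, insecureNonce(b.Key)) || seen[pair] {
			flagged = append(flagged, b.ID)
		}
		seen[pair] = true
	}
	return flagged
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Two blocks sealed the way the issue describes, one sealed the fixed way.
	old1, _ := sealWithNonce(1, key, insecureNonce(key), []byte("first"))
	old2, _ := sealWithNonce(2, key, insecureNonce(key), []byte("second"))
	fixed, _ := SealBlock(3, key, []byte("third"))
	fmt.Println("blocks to re-seal:", AuditNonces([]*Block{old1, old2, fixed}))
	pt, err := OpenBlock(fixed)
	fmt.Printf("open fixed block: %q err=%v\n", pt, err)
}
```

The audit is the part worth carrying into a real migration: because the old nonce is a deterministic function of the key, every existing block under a given key shares one key/nonce pair, so all of them need re-sealing with fresh nonces, not only the first. A counter that is never reused under the same key would also satisfy GCM's uniqueness requirement; the random nonce is simply the option the issue names and the one that needs no persistent counter state.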
Reference
geomind_code/my_fs#19