
The default params used for AES encryption with CryptoJS are:

  • Cipher: AES-256
  • Mode: CBC
  • Key Derivation: evpkdf (OpenSSL custom, MD5, 1 iteration)

Are these safe to use?

Related: What are the AES parameters used and steps performed internally by crypto-js while encrypting a message with a password?

  • `EVPKDF` is a deprecated passphrase-based key derivation class, it is no longer considered secure enough. – zaph Mar 21 '16 at 12:11
  • If your password is short, then this is pretty bad. If not (at least 20 characters), then it's ok. You should probably define the level of security that is appropriate for you. – Artjom B. Mar 21 '16 at 15:32
  • What does it use for a MAC? Does it even use a MAC? – Scott Arciszewski Mar 21 '16 at 19:06

1 Answer


Answering my own question; NO! ABSOLUTELY NOT!

CryptoJS by default does only a single iteration of MD5 hashing over the password, which is extremely weak unless the password is extremely strong!

Correct key derivation of arbitrary passwords should do key derivation with something along the lines of 30k iterations!
