Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #44081 Internal symmetric cryptographic API should be resistant against Invisible Salamanders / Confused Deputies attacks
    Actions
    Infos
    #44081
    Thomas Gerbet (tgerbet)
    2025-08-05 17:33
    2025-08-05 17:33
    45776
    Details
    Internal symmetric cryptographic API should be resistant against Invisible Salamanders / Confused Deputies attacks

    In it's current form the our internal API does not make possible to prevent this sort of attack from happening, it should.

    References:
    https://eprint.iacr.org/2019/016
    https://soatok.blog/2023/03/01/database-cryptography-fur-the-rest-of-us/

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Under implementation
    Empty
    Attachments
    Empty
    References
    Referencing request #44081

    Git commit

    tuleap/tuleap/stable

    chore: Move current symmetric crypto implementation to a legacy namespace 2cc4163f8e
    User avatar Thomas Gerbet (tgerbet) , 2025-08-06 09:34