by technion 3405 days ago
I don't like this "secret storage" system. Unauthenticated CBC mode, and doesn't actually set an IV (I'm assuming a hardcoded default comes into play).

This needs to be higher up. It's using Blowfish (a 64-bit block cipher), unauthenticated, in CBC mode. These should not be the defaults for a system designed and built in the past five years.
Looks like you opened up an issue, which is a good first step: https://github.com/rails/rails/issues/28135

Not sure how much of the Rails team browses HN comments, but an issue will certainly get their attention.

And I opened a PR to fix the issue :)
What should be the default?
AES-128-GCM (or ChaCha20-Poly1305 if you're feeling particularly hipster) with a new, random IV every time data is encrypted.
It only addresses half the problem, but Ruby's own man page has a bolded warning:

http://ruby-doc.org/stdlib-2.4.0/libdoc/openssl/rdoc/OpenSSL...

    Always create a secure random IV for every encryption of your Cipher
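To make the two complaints in this thread concrete (a constant IV and no authentication), here is an added Ruby example; it is not code from Rails, from the linked issue or PR, or from anyone in this thread. It compares a fixed-IV unauthenticated CBC "secret store" against AES-128-GCM with a fresh random IV per encryption. The key is generated for the demo, and `aes-128-cbc` stands in for `bf-cbc` only so the example runs on OpenSSL 3 builds that ship Blowfish in the legacy provider; the IV and authentication behaviour shown is the same for either cipher. All function names are my own.

```ruby
# Added example: fixed-IV unauthenticated CBC vs. AES-128-GCM with a random IV.
# Not code from Rails or from the linked issue/PR.
require 'openssl'
require 'securerandom'

KEY = SecureRandom.random_bytes(16)   # constructed 128-bit demo key
FIXED_IV = "\x00".b * 16              # stand-in for a hardcoded/default IV

# --- Weak pattern: CBC with a constant IV and no integrity check ------------
# aes-128-cbc is a stand-in for bf-cbc here (Blowfish lives in OpenSSL 3's
# legacy provider); the properties demonstrated do not depend on the cipher.
def cbc_fixed_iv_encrypt(plaintext)
  c = OpenSSL::Cipher.new('aes-128-cbc')
  c.encrypt
  c.key = KEY
  c.iv = FIXED_IV                     # same IV every time: equal inputs -> equal outputs
  c.update(plaintext) + c.final
end

def cbc_fixed_iv_decrypt(ciphertext)
  c = OpenSSL::Cipher.new('aes-128-cbc')
  c.decrypt
  c.key = KEY
  c.iv = FIXED_IV
  c.update(ciphertext) + c.final      # only padding is checked, not integrity
end

# --- Hardened pattern: AES-128-GCM, fresh 96-bit IV, tag stored with data ----
# Returns iv || tag || ciphertext as one binary string.
def gcm_encrypt(plaintext)
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.encrypt
  c.key = KEY
  iv = c.random_iv                    # generates a random 12-byte IV and sets it
  c.auth_data = ''                    # no additional authenticated data in this demo
  ct = c.update(plaintext) + c.final
  iv + c.auth_tag + ct                # auth_tag is 16 bytes by default
end

# Returns the plaintext, or nil if IV, tag or ciphertext were altered.
def gcm_decrypt(blob)
  iv  = blob[0, 12]
  tag = blob[12, 16]
  ct  = blob[28..-1]
  c = OpenSSL::Cipher.new('aes-128-gcm')
  c.decrypt
  c.key = KEY
  c.iv = iv
  c.auth_tag = tag                    # must be set before final
  c.auth_data = ''
  c.update(ct) + c.final              # raises CipherError on tag mismatch
rescue OpenSSL::Cipher::CipherError
  nil
end

# Flip one bit of a byte to simulate corruption in storage or transit.
def flip_byte(data, index)
  copy = data.dup
  copy.setbyte(index, copy.getbyte(index) ^ 0x01)
  copy
end

# Summarises the behaviour of both schemes on one constructed secret.
def compare_schemes(secret = 'database password: correct horse battery staple')
  cbc1 = cbc_fixed_iv_encrypt(secret)
  cbc2 = cbc_fixed_iv_encrypt(secret)
  cbc_corrupted = flip_byte(cbc1, 0)  # block 0 garbles, block 1 gets one flipped byte
  gcm1 = gcm_encrypt(secret)
  gcm2 = gcm_encrypt(secret)
  {
    cbc_repeats_ciphertext: cbc1 == cbc2,                          # true: IV reuse leaks equality
    cbc_accepts_corruption: cbc_fixed_iv_decrypt(cbc_corrupted) != secret, # true: no error, wrong data
    gcm_repeats_ciphertext: gcm1 == gcm2,                          # false: fresh IV each time
    gcm_roundtrip_ok:       gcm_decrypt(gcm1) == secret,           # true
    gcm_rejects_corruption: gcm_decrypt(flip_byte(gcm1, 28)).nil?  # true: tag check fails
  }
end

if __FILE__ == $0
  compare_schemes.each { |k, v| puts "#{k}: #{v}" }
end
```

The constructed secret is 47 bytes, so the CBC ciphertext is three blocks and flipping a byte in the first block leaves the final padding block intact: decryption returns garbage with no error, which is exactly what "unauthenticated" means in practice. The GCM version stores the IV and tag next to the ciphertext, so nothing secret needs to be kept besides the key, and any change to the stored blob is rejected at `final`.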