|
|
|
|
|
|
by martinralbrecht
1172 days ago
|
|
|
- Issue 1: using uninitialised keys.
- Issue 2: IV reuse in AES-GCM when a file is re-encrypted after an update.
- Issue 3: a malicious server can place a chosen key in a victim user's encrypted keystore; the user then rotates everything to that key on next login/update. |
|
|