From 920ff2a2d49af7fb01c731c129bb5905e404f4c1 Mon Sep 17 00:00:00 2001
From: Awiteb
Date: Sat, 18 May 2024 11:45:02 +0300
Subject: [PATCH] security: Use system seeded rng for IV
Acked-by: Amjad Alsharafi
---
 src/vault/cipher.rs | 11 +++-------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/src/vault/cipher.rs b/src/vault/cipher.rs
index 7422015..f8948cf 100644
--- a/src/vault/cipher.rs
+++ b/src/vault/cipher.rs
@@ -19,7 +19,7 @@ use std::time::{SystemTime, UNIX_EPOCH};
 use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
 use base32::Alphabet as Base32Alphabet;
 use clap::ValueEnum;
-use rand::{rngs::StdRng, Rng, SeedableRng};
+use rand::{thread_rng, RngCore};
 use serde::{Deserialize, Serialize};
 
 use crate::{LprsError, LprsResult};
@@ -78,13 +78,8 @@ pub fn totp_now(secret_base32: &str, hash_function: &TotpHash) -> LprsResult<(St
 ///
 /// Note: The IV will be add it to the end of the ciphertext (Last 16 bytes)
 pub(crate) fn encrypt(master_password: &[u8; 32], data: &[u8]) -> Vec {
- let iv: [u8; 16] = StdRng::seed_from_u64( SystemTime::now() .duration_since(UNIX_EPOCH) .expect("SystemTime before UNIX EPOCH!") .as_secs(), ) .gen();
+ let mut iv = [0u8; 16];
+ thread_rng().fill_bytes(&mut iv);
 let mut ciphertext = Aes256CbcEnc::new(master_password.into(), &iv.into()).encrypt_padded_vec_mut::(data);
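Review bot: The replacement import `use rand::{thread_rng, RngCore};` picks a user-space CSPRNG for the IV, which does fix the predictable time-seeded `StdRng`, but for a password vault `use rand::{rngs::OsRng, RngCore};` would be the more defensible choice: every IV then comes straight from the OS entropy source with no generator state living in the process, and it makes the subject line's "system seeded" claim literally true (the call site becomes `OsRng.fill_bytes(&mut iv);`). With rand 0.8, `thread_rng()` is ChaCha-based and reseeded from `OsRng`, so the hunk as written is acceptable; under rand 0.9 `thread_rng` is deprecated in favour of `rand::rng()`, which I cannot confirm from this hunk since Cargo.toml is not shown. The `use std::time::{SystemTime, UNIX_EPOCH};` visible in the hunk header context was consumed by the removed seeding code; if `totp_now` (only its signature is visible in the second hunk header) does not also use it, it is now an unused import that will warn. Whichever generator is kept, a comment such as `// IV must be unpredictable: CSPRNG only, never a time-seeded StdRng` next to the import or the `fill_bytes` call would stop a later change from reintroducing the original defect.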