Fork and VM clone safety
- Affected Versions
- All Tink versions
- Affected Key Types
- Streaming AEAD, AES-GCM-HKDF
Description
In general, Tink does not aim to provide security if the program does calls to
the UNIX fork() system call, or if the program is cloned on a virtual machine
and then executed multiple times from the same state.
The only concrete problem is known for Streaming AEAD, key type AES-GCM-HKDF. In
this case, such an attack can lead to Tink encrypting different plaintext with
AES GCM using the same nonce, which is known to leak the authentication key.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-14 UTC.
[null,null,["Last updated 2024-11-14 UTC."],[[["Tink does not guarantee security if the program uses UNIX `fork()` or is cloned and executed multiple times from the same state on a virtual machine."],["The known vulnerability affects all Tink versions and specifically impacts the Streaming AEAD key type, AES-GCM-HKDF."],["Exploiting this vulnerability with Streaming AEAD (AES-GCM-HKDF) can lead to plaintext encryption using the same nonce, potentially revealing the authentication key."]]],[]]
