Streaming AEAD overflow
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
- Affected Versions
- Tink version 1.0 - 1.3.x on Java
- Tink version 1.0 - 1.3.x on Android
- Tink version 1.0 - 1.3.x on Golang
- Affected Key Types
- AES-GCM-HKDF
Description
Streaming AEAD implementations encrypt the plaintext in
segments. Tink uses a 4-byte segment counter. When encrypting a stream
consisting of more than 232 segments, the segment counter might
overflow and lead to leakage of key material or plaintext.
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2024-11-14。
[null,null,["最后更新时间 (UTC):2024-11-14。"],[],["Tink versions 1.0-1.3.x on Java, Android, and Golang are affected, specifically with AES-GCM-HKDF key types. The issue arises in Streaming AEAD implementations where data is encrypted in segments. When a stream exceeds 2^32 segments, the 4-byte segment counter overflows. This overflow can potentially cause the leakage of key material or plaintext.\n"]]
