feat: improve password encryption methods #675

jinoosss · 2025-01-28T10:23:49Z

Removed Static Key Usage:
- Eliminated the use of a hardcoded static encryption key (ENCRYPT_CIPHER_KEY), reducing the risk of key leakage or unauthorized access.
Implemented AES-GCM:
- Transitioned from AES-CBC (CryptoJS) to AES-GCM using Web Crypto API, which provides built-in integrity verification through authentication tags.
Introduced Initialization Vector (IV):
- Added a dynamically generated IV (crypto.getRandomValues) to ensure that identical inputs produce different encrypted outputs.
In-Memory Key Management:
- Encryption keys are now stored only in memory using CryptoKey, ensuring they are not persisted in session or local storage.

jinoosss requested a review from a team as a code owner January 28, 2025 10:23

jinoosss requested review from onlyhyde and dongwon8247 January 28, 2025 10:23

feat: improve password encryption methods

5a20b39

jinoosss force-pushed the ADN-665-hal-007-critical-reuse-of-static-encryption-key branch from 672e91c to 5a20b39 Compare January 29, 2025 01:39

dongwon8247 approved these changes Jan 30, 2025

View reviewed changes

jinoosss merged commit a7b735c into main Jan 30, 2025
2 checks passed

jinoosss deleted the ADN-665-hal-007-critical-reuse-of-static-encryption-key branch January 30, 2025 07:42

dongwon8247 mentioned this pull request Jan 30, 2025

HAL-007 #669

Open

Provide feedback