1 comment

[ 8.2 ms ] story [ 45.1 ms ] thread
- Issue 1: using uninitialised keys. - Issue 2: IV reuse in AES-GCM when a file is re-encrypted after an update. - Issue 3: a malicious server can place a chosen key in a victim user's encrypted keystore; the user then rotates everything to that key on next login/update.