Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request)

[Florian Weimer <fw () deneb enyo de>]

* Florian Weimer:

> * Vincent Danen:
>
> > > And you can group by encrypted column values in the database.  That's
> > > why I'm not sure if it's actually possible to address this issue in a
> > > satisfying manner.
> >
> > So the encryption can be more fine-grained than just per-table?  You can
> > also do it per-column?  If that's the case, this does sound a lot uglier
> > to deal with.
>
> This test case suggests to me that you have to specify the list of
> encrypted columns explicitly:
>
> <http://elixir.ematia.de/trac/browser/elixir/trunk/tests/test_encryption.py>
>
> Based on this example, it's not clear to me if the current
> implementation supports get_by with an encrypted column.  If this is a
> feature which needs preserving, there is no apparent way around
> convergent encryption.

So it turns out that this passes the assert:

        p = Person.get_by(password='r\\x9d\\xa8\\xb4\\x8d|\\xffp\\xf5\\x0e')
        assert p.name == 'Jonathan LaCour'

But this fails because p is None:

        p = Person.get_by(ssn='123-45-6789')
        assert p.name == 'Jonathan LaCour'

This suggests to me that get_by on an encrypted column is not actually
supported.

The documentation doesn't describe which queries are supported:
<http://elixir.ematia.de/apidocs/elixir.ext.encrypted.html>