Security Advisories (2)
CPANSA-Crypt-CBC-2021-0001 (2021-05-17)

Fixed bug involving manually-specified IV not being used in some circumstances.

CVE-2025-2814 (2025-04-13)

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to using the insecure rand() function.

Changes for version 2.17 - 2006-01-09

  • IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly using 8 byte IVs when generating the old-style RandomIV style header (as opposed to the new-style random salt header). This affects data encrypted using the Rijndael algorithm, which has a 16 byte blocksize, and is a significant security issue. The bug has been corrected in versions 2.17 and higher by making it impossible to use 16-byte block ciphers with RandomIV headers. You may still read legacy encrypted data by explicitly passing the -insecure_legacy_decrypt option to Crypt::CBC->new().
  • The salt, iv and key are now reset before each complete encryption cycle. This avoids inadvertent reuse of the same salt.
  • A new -header option has been added that allows you to select among the various types of headers, and avoids the ambiguity of having multiple interacting options.
  • A new random_bytes() method provides access to /dev/urandom on suitably-equipped hardware.
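
To find stored ciphertext affected by the RandomIV note above, the following added example (not code from Crypt::CBC or its author) classifies blobs by header and reports which ones need -insecure_legacy_decrypt to be read and should then be re-encrypted with the salt header. It assumes the header layouts are the 8-byte magic strings "Salted__" and "RandomIV", each followed by 8 bytes of salt or IV; the triage() helper and the sample blobs are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed header layout: 8 bytes of magic, then 8 bytes of salt or IV.
my %MAGIC = ('Salted__' => 'salt', 'RandomIV' => 'randomiv');

# Classify one ciphertext blob for a cipher with the given block size (bytes).
# Returns the header type, whether the blob is hit by the pre-2.17 short-IV
# bug, and the Crypt::CBC->new() options needed to read it with 2.17 or later.
sub triage {
    my ($blob, $blocksize) = @_;
    my $type = length($blob) >= 16 ? $MAGIC{ substr($blob, 0, 8) } : undef;

    # No recognised header: IV and key handling is out of band, nothing to infer.
    return { header => 'unrecognised', affected => 0, options => [] }
        unless defined $type;

    # A RandomIV header carries only 8 IV bytes, which is too short for a
    # cipher with a larger block (the case on this page: Rijndael, 16 bytes).
    my $affected = ($type eq 'randomiv' && $blocksize > 8) ? 1 : 0;

    my @opts = (-header => $type);
    push @opts, (-insecure_legacy_decrypt => 1) if $affected;
    return { header => $type, affected => $affected, options => \@opts };
}

# Constructed sample blobs (not real ciphertext), checked against a
# 16-byte block cipher such as Rijndael.
my %samples = (
    'new-style salt'  => 'Salted__' . ('S' x 8) . ('C' x 32),
    'legacy RandomIV' => 'RandomIV' . ('I' x 8) . ('C' x 32),
    'headerless'      => 'C' x 32,
);

for my $name (sort keys %samples) {
    my $r = triage($samples{$name}, 16);
    printf "%-16s header=%-12s affected=%d options=(%s)\n",
        $name, $r->{header}, $r->{affected}, join(', ', @{ $r->{options} });
}
```

The returned options are meant to be merged with your own -key and -cipher arguments to Crypt::CBC->new() when reading a flagged blob.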

Modules

Encrypt Data with Cipher Block Chaining Mode