Skip to content

OpenSSL::Cipher#decrypt/encrypt deprecated #3

@danielbln

Description

@danielbln

webrick/mongrel throw the following warnings:

mortimer/vendor/gems/sentry-0.3.1/lib/sentry/symmetric_sentry.rb:25: warning: argumtents for OpenSSL::Cipher::Cipher#encrypt and OpenSSL::Cipher::Cipher#decrypt were deprecated; use OpenSSL::Cipher::Cipher#pkcs5_keyivgen to derive key and IV

Explanation:
http://stackoverflow.com/questions/1349397

Possible alternative:
http://github.com/shuber/attr_encrypted/

Sometimes mortimer seems to lock up for about 1-5 seconds when resetting user passwords and/or logging out (tested under webrick and mongrel/apache), I suspect the warning has something to do with that, but don't have any proof yet.

It seems that sentry calls deprecated functions (no surprise here, last sentry upstream commit is from 2006). This could be a security issue, since from what I understand it generates weaker keys than it should.

Unfortunately I'm not yet comfortable enough with the codebase to provide a workaround/patch.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions