tracker issue : CF-4110208

Title:

AES/CBC/PKCS5Padding Encryption Take too long to encrypt/decrypt


Status/Resolution/Reason: Closed/Withdrawn/CannotReproduce

Reporter/Name(from Bugbase): Matthew Parks / Matthew Parks (Matthew Parks)

Created: 01/25/2016

Components: Security

Versions: 11.0

Failure Type: Engineering Work Item

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 1

Problem Description: Encryption/decryption with AES/CBC/PKCS5Padding ends up making pages time out due to results taking too long to return the page in under 60 seconds. Due to multiple calls to the function to encrypt results to the page on building links to pages.

Steps to Reproduce: running attached file shows time to return with total time in seconds to return results with the above mentioned calls

Actual Result: Encrypt( str, urlKeyA, "AES", "HEX" ) returns in 0 seconds and Encrypt( str, urlKeyA, "AES/CBC/PKCS5Padding", "HEX" ) takes 2 to 10 seconds to return

Expected Result: No exception or error given, just not desirable results when a page might encrypt all data returned to a page to build a list of links or such.

Any Workarounds: My work around today is to use the less secure encryption method in lieu of a solution with AES/CBC/PKCS5Padding that is usable.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4110208

External Customer Info:
External Company:  
External Customer Name: Matthew Parks
External Customer Email:  
External Test Config: Windows OS, running CF 11 update 7.

Attachments:

  1. January 28, 2016 00:00:00: 1_testAES.cfm

Comments:

Hi Matthew, Could you attach the file that you have mentioned in the bug. Thanks!
Comment by S P.
4867 | January 26, 2016 11:06:43 PM GMT
Hi Matthew, Can you specify if you are facing this issue on a specific platform or if it is generic? Also, do mention which Java version you are using. Please do try out one of the following workarounds: 1) Since you are using "CBC" feedback mode in the AES algorithm, the encryption requires an initialization vector. If not specified, an IV will be generated randomly. One option is to pass the IV to the encryption function. 2) Another workaround, if you are using a Linux machine: specify the following JVM argument in jvm.config " -Djava.security.egd=/dev/urandom". Please let me know the requested details and if the workaround solves the issue. Thanks, Preethi
Comment by S P.
4868 | January 27, 2016 01:05:59 AM GMT
We are on Windows 2012 R2 Standard as stated in the Platform of ticket. JAVA VERSION is 1.8.0_25. 1) No idea what you are talking about. Is IV to be ID? Or is IV = ivorsalt? It is not stated as required in documentation as needed. This is my call to the function: Encrypt( str, urlKeyA, "AES/CBC/PKCS5Padding", "HEX" ); 2) Does not apply since I am not on Linux.
Comment by External U.
4869 | January 27, 2016 03:08:16 PM GMT
Hi Matthew, The IV would be ivorsalt as per the documentation. Do let us know if it worked after providing that. Also, wrt the documentation, the necessary changes would have to be made. Thanks!
Comment by S P.
4870 | June 13, 2016 04:11:44 AM GMT
Since there has been no response, closing the bug. If the issue still exists, do let us know, we would be reopening it. Thanks!
Comment by S P.
4871 | July 01, 2016 02:01:18 AM GMT
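
A timing and behaviour check for the three call shapes discussed in this ticket, written as an added example (it is not the reporter's 1_testAES.cfm attachment or Adobe's code). The key, sample string and loop count are constructed, and `newIV()` and `timeVariant()` are hypothetical helper names; it also shows why the algorithm-only `"AES"` call, which uses ECB mode, is the weaker choice for link parameters.

```cfml
<cfscript>
// Added example. Key, plaintext and loop count are constructed sample values.
urlKeyA = generateSecretKey("AES", 128);  // Base64 key, same role as urlKeyA in the ticket
str     = "id=12345&view=detail";         // constructed link parameter
runs    = 200;
cbc     = "AES/CBC/PKCS5Padding";

// 16 random bytes for the ivorsalt argument: a generated 128-bit key decoded to binary.
function newIV() {
    return binaryDecode(generateSecretKey("AES", 128), "base64");
}

// Run one call shape `runs` times and return the elapsed milliseconds.
function timeVariant(required string variant) {
    var started = getTickCount();
    var out = "";
    for (var i = 1; i <= runs; i++) {
        switch (arguments.variant) {
            case "AES":    out = encrypt(str, urlKeyA, "AES", "HEX"); break;
            case "CBC":    out = encrypt(str, urlKeyA, cbc, "HEX"); break;
            case "CBC+IV": out = encrypt(str, urlKeyA, cbc, "HEX", newIV()); break;
        }
    }
    return getTickCount() - started;
}

for (v in ["AES", "CBC", "CBC+IV"]) {
    writeOutput("#v#: #timeVariant(v)# ms for #runs# calls<br>");
}

// Algorithm-only "AES" is ECB: the same input always gives the same hex string,
// so equal link parameters are recognisable from their ciphertext.
ecbRepeats = compare(encrypt(str, urlKeyA, "AES", "HEX"),
                     encrypt(str, urlKeyA, "AES", "HEX")) == 0;

// CBC with a fresh IV per call gives a different ciphertext each time.
cbcRepeats = compare(encrypt(str, urlKeyA, cbc, "HEX", newIV()),
                     encrypt(str, urlKeyA, cbc, "HEX", newIV())) == 0;

// Round trip: Decrypt needs the same IV that was passed to Encrypt.
iv        = newIV();
token     = encrypt(str, urlKeyA, cbc, "HEX", iv);
roundTrip = compare(decrypt(token, urlKeyA, cbc, "HEX", iv), str) == 0;

writeOutput("ECB repeats: #ecbRepeats#, CBC repeats: #cbcRepeats#, round trip ok: #roundTrip#");
</cfscript>
```

When the IV is supplied by the caller it has to be stored or sent alongside the ciphertext, since `Decrypt` cannot recover the plaintext without it.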