Nostr Web Client

#krux v24.11.1

https://github.com/selfcustody/krux/releases/tag/v24.11.1

This release includes a fix for a recently discovered issue #477 in our encryption system. Due to an implementation error, the camera-captured entropy was not being used as intended in our AES-CBC encryption mode. This means that the additional layer of security provided by the camera's randomness was not effectively applied.

## What Does This Mean for You?

*Who is Affected*: Users who have changed their settings to use AES-CBC encryption instead of the default AES-ECB for encrypted backups on flash storage, SD cards, or encrypted QR codes.

*Impact*: The encryption strength for these backups may not be as robust as intended.

## Recommended Action:

If you have used AES-CBC encryption for your backups, we recommend the following steps:

Update Your Device: Please install the latest software update where this issue has been resolved.

Replace Your Backups: After updating, recreate your encrypted backups on flash storage, SD cards, or QR codes to ensure they are secured with the corrected encryption implementation.

Thanks @earthdiver for the finding!

Always test your encrypted backups and keys after creation and have a redundant physical backup of your keys.

Reply to this note

Please Login to reply.

Discussion

No replies yet.