[SERVER-63814] Audit Encryption IVs only use 8 bytes of available 12 bytes Created: 18/Feb/22 Updated: 06/Dec/22 Resolved: 22/Feb/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Shreyas Kalyan | Assignee: | Backlog - Security Team |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Security
|
| Participants: |
| Description |
|
The audit encryption IVs increment the IVs using the initialization count and the invocation count from the Symmetric Key. It uses the initialization count as the first 4 bytes of the IV and the invocation count as the last 8 bytes. The initialization count never increments throughout the process, which means that we are not using the first four bytes, leading the number of audit logs that are allowed to be encrypted to be 2^64 instead of 2^96. |