DEP0106:crypto.createCipher 和 crypto.createDecipher
¥DEP0106: crypto.createCipher and crypto.createDecipher
类型:运行时
¥Type: Runtime
必须避免使用 crypto.createCipher() 和 crypto.createDecipher(),因为它们使用弱密钥派生函数(无盐的 MD5)和静态初始化向量。建议使用 crypto.pbkdf2() 或 crypto.scrypt() 和随机盐派生密钥,并使用 crypto.createCipheriv() 和 crypto.createDecipheriv() 分别获得 Cipher 和 Decipher 对象。
¥Using crypto.createCipher() and crypto.createDecipher() must be
avoided as they use a weak key derivation function (MD5 with no salt) and static
initialization vectors. It is recommended to derive a key using
crypto.pbkdf2() or crypto.scrypt() with random salts and to use
crypto.createCipheriv() and crypto.createDecipheriv() to obtain the
Cipher and Decipher objects respectively.