DEP0106:crypto.createCipher 和 crypto.createDecipher
¥DEP0106: crypto.createCipher
and crypto.createDecipher
类型:运行时
¥Type: Runtime
必须避免使用 crypto.createCipher()
和 crypto.createDecipher()
,因为它们使用弱密钥派生函数(无盐的 MD5)和静态初始化向量。建议使用 crypto.pbkdf2()
或 crypto.scrypt()
和随机盐派生密钥,并使用 crypto.createCipheriv()
和 crypto.createDecipheriv()
分别获得 Cipher
和 Decipher
对象。
¥Using crypto.createCipher()
and crypto.createDecipher()
must be
avoided as they use a weak key derivation function (MD5 with no salt) and static
initialization vectors. It is recommended to derive a key using
crypto.pbkdf2()
or crypto.scrypt()
with random salts and to use
crypto.createCipheriv()
and crypto.createDecipheriv()
to obtain the
Cipher
and Decipher
objects respectively.