Comments (6)
Specifically on React-native this is an issue.
from simple-crypto-js.
Unbelievable, how can a lib break all encrypted content with an update with semver?
Without any way to retrieve all content already encrypted with the previous version?
I know how difficult open source dev is, and how receiving such complaints from people using your work is a pain, but here is a good example of things you should NEVER do.
OK to mark 2.2 obsolete and vulnerable, but at least change the major version number with such a breaking change. And providing a clue about how to migrate content could be nice.
You could for example publish a 2.x.y version with both 2.3 and 2.2 ciphers, with something like this:
```js
try {
  // decrypt with 2.3 cipher
} catch (error) {
  try {
    // decrypt with obsolete 2.2 cipher
  } catch (error2) {
    // it wasn't a cipher problem, throw the previous error
    throw error
  }
}
```
I'll do this forking 2.2 version under another name, but it was really a bad surprise 👎
from simple-crypto-js.
Agree.
> I'll do this forking 2.2 version under another name,

@dcaillibaud When you do so, please give us some info here :)
from simple-crypto-js.
You can do it now, even without forking: set in package.json

```json
"simple-crypto-js": "^2.3.0",
"old-simple-crypto-js": "github:danang-id/simple-crypto-js#2.2.0",
```

then in your code (after installing npm dependencies):

```js
import SimpleCrypto from 'simple-crypto-js'
import OldSimpleCrypto from 'old-simple-crypto-js'

try {
  // decrypt with SimpleCrypto
} catch (error) {
  try {
    // decrypt with OldSimpleCrypto
  } catch (error2) {
    // it wasn't a cipher problem, throw the previous error
    throw error
  }
}
```
from simple-crypto-js.
Thanks. Didn't think about this solution. Thanks.
from simple-crypto-js.
Sorry about the breaking changes and not following semver carefully. Unfortunately, I don't think there will be a fix about this issue, and I see the workaround by @dcaillibaud should be enough. Closing this issue for now.
P.S. This project is currently not in active maintenance.
from simple-crypto-js.
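The try/catch fallback from the comments above, extended with the re-encryption step that the migration request in the first comment implies, as an added example that is not code from the thread or from simple-crypto-js. The two cipher objects are stand-ins built on Node's `crypto` module (AES-256-CBC for the old format, AES-256-GCM for the new one), and `KEY`, `legacy`, `current` and `decryptAndMigrate` are hypothetical names.

```javascript
// Stand-in ciphers built on Node's crypto module; not simple-crypto-js internals.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // ES-module path (Node >= 20.16)
const KEY = nodeCrypto.scryptSync('constructed-secret', 'constructed-salt', 32);

// Hypothetical old format: hex(iv | AES-256-CBC ciphertext), no integrity check.
const legacy = {
  encrypt(text) {
    const iv = nodeCrypto.randomBytes(16);
    const c = nodeCrypto.createCipheriv('aes-256-cbc', KEY, iv);
    return Buffer.concat([iv, c.update(text, 'utf8'), c.final()]).toString('hex');
  },
  decrypt(hex) {
    const raw = Buffer.from(hex, 'hex');
    const d = nodeCrypto.createDecipheriv('aes-256-cbc', KEY, raw.subarray(0, 16));
    return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
  },
};

// Hypothetical new format: hex(iv | tag | AES-256-GCM ciphertext), authenticated.
const current = {
  encrypt(text) {
    const iv = nodeCrypto.randomBytes(12);
    const c = nodeCrypto.createCipheriv('aes-256-gcm', KEY, iv);
    const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
    return Buffer.concat([iv, c.getAuthTag(), body]).toString('hex');
  },
  decrypt(hex) {
    const raw = Buffer.from(hex, 'hex');
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  },
};

// New format first; on failure fall back to the old one and re-encrypt the value.
function decryptAndMigrate(stored) {
  try {
    return { plaintext: current.decrypt(stored), migrated: null };
  } catch (error) {
    try {
      const plaintext = legacy.decrypt(stored);
      return { plaintext, migrated: current.encrypt(plaintext) };
    } catch (error2) {
      throw error; // neither format matched: surface the first failure
    }
  }
}
```

Persist `migrated` whenever it is non-null; once no stored value takes the fallback branch, the legacy decryptor can be dropped.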