Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. […] The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach.

🔓 https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

#aesctr #itsecurity #key #javascript #js #iv #pyaes #cryptography #carelessness #aes #cybersecurity #cryptography #itsec #encryption #craftsmanship #reuse #fail

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. […] The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach.

🔓 https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

#aesctr #itsecurity #key #javascript #js #iv #pyaes #cryptography #carelessness #aes #cybersecurity #cryptography #itsec #encryption #craftsmanship #reuse #fail