Node: (node:16163) Warning: Use Cipheriv for counter mode of aes-256-ctr Error After Upgrading To Node v8.9.0
Today upgraded node to v8.9.0 and after runing my application.js i get this from node:
(node:16163) Warning: Use Cipheriv for counter mode of aes-256-ctr
(node:16163) Warning: Use Cipheriv for counter mode of aes-256-ctr
(node:16163) Warning: Use Cipheriv for counter mode of aes-256-ctr
it gets warning every seconds so on octa core cpu all threads go up to 100% i can't kill it and need to do in terminal killall -9 node
this code i have in application.js and is working in previus version of node:
var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
So i think i need to change aes-256-ctr to some other algorithm name so please write me how can i fix this so that i can use my application.js in new node version...i need minor change in code so that my code changes untouched...so what is fix for this?
ronovar
All 9 comments
It's in the warning: use crypto.createCipheriv(), not crypto.createCipher().
bnoordhuis
on 4 Nov 2017
Thanks...your solution works.
ronovar
on 4 Nov 2017
@ronovar How you get rid it ? pls help
cuongnv-ibl
on 21 Nov 2017
@bnoordhuis I wonder replacing crypto.createCipher() with crypto.createCipheriv() may cause any problems like preventing me from decrpting previously encrypted data with crypto.createCipher()... is it 100% safe in this sense? Thanks a lot. (btw not a crypto expert here haha)
renatoargh
on 29 Nov 2017
I uploaded a script to make migrating to crypto.createCipheriv() easier:
Usage:
node bytestokey.js CIPHER PASSPHRASE
Example:
node bytestokey.js aes-128-cbc secret
Prints:
key: 5ebe2294ecd0e0f08eab7690d2a6ee69
iv: 26ae5cc854e36b6bdfca366848dea6bb
Now update your code and replace this:
const cipher = crypto.createCipher('aes-128-cbc', 'secret');
With this:
const key = Buffer.from('5ebe2294ecd0e0f08eab7690d2a6ee69', 'hex');
const iv = Buffer.from('26ae5cc854e36b6bdfca366848dea6bb', 'hex');
const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
Get it here: https://gist.github.com/bnoordhuis/2de2766d3d3a47ebe41aaaec7e8b14df
For counter modes it prints a big fat warning that you should take __very__ seriously.
bnoordhuis
on 30 Nov 2017
they should correct the warning, should say "createCipheriv" and be more informative
mscheffer
on 27 Dec 2017
@mscheffer createCipheriv() is a wrapper around Cipheriv so one or the other doesn't really matter.
As to "more informative", that's too vague to be actionable, you'll have to be more concrete (dare I say: more informative?)
bnoordhuis
on 27 Dec 2017
Hi @bnoordhuis, Thank a lot for your script. It helped me in some cases.
But looks like this script doesn't work with PASSPHRASE containing: #$-_ charsets.
For example: N7bz2FTM$UHc#rPmveVEQ-ZnXSYqaD6uWgAxsLjdCwJ_Bfyt54
andrew-polyansky
on 16 Feb 2018
key: 5ebe2294ecd0e0f08eab7690d2a6ee69 iv: 26ae5cc854e36b6bdfca366848dea6bb
Thanks for your code, a question how we should generate key and iv?
RezaRahmati
on 3 Dec 2018
Related issues
stevenvachon
路
3Comments
ksushilmaurya
路
3Comments
mcollina
路
3Comments
srl295
路
3Comments
Icemic
路
3Comments
Most helpful comment
I uploaded a script to make migrating to
crypto.createCipheriv()easier:Get it here: https://gist.github.com/bnoordhuis/2de2766d3d3a47ebe41aaaec7e8b14df
For counter modes it prints a big fat warning that you should take __very__ seriously.