Is attr_encryptor vulnerable to the same padding attacks that are mentioned in ActiveSupport::MessageEncryptor?
Taking a quick look at the source code, it seems that both attr_encryptor and activesupport use the same underlying encryption techniques, but activesupport goes one step further with its encrypt_and_sign and decrypt_and_verify methods. These apparently mitigate padding attacks. The plain encrypt/decrypt methods are deprecated because of this vulnerability.
Does attr_encryptor already mitigate this attack?
Is attr_encryptor vulnerable to the same padding attacks that are mentioned in ActiveSupport::MessageEncryptor?
Taking a quick look at the source code, it seems that both attr_encryptor and activesupport use the same underlying encryption techniques, but activesupport goes one step further with its
encrypt_and_signanddecrypt_and_verifymethods. These apparently mitigate padding attacks. The plain encrypt/decrypt methods are deprecated because of this vulnerability.Does attr_encryptor already mitigate this attack?