"Carelessness versus craftsmanship in cryptography"

Hacker News
February 18, 2026
AI-Generated Deep Dive Summary
Two popular AES libraries, aes-js and pyaes, have been found to provide dangerous default initialization vectors (IVs) in their AES-CTR API, leading to key/IV reuse vulnerabilities that affect thousands of projects. This issue arises because the libraries do not require an IV when initializing encryption, instead using a default value of 0x00000000_00000000_00000001 if none is provided. Such behavior creates significant security risks, as reusing the same key and IV pair in AES-CTR mode allows attackers to recover plaintexts by XORing ciphertexts.

This problem is particularly concerning because aes-js and pyaes are widely used, with aes-js integrated into over 850 npm packages and millions of GitHub repositories. Their popularity means that many projects unknowingly rely on insecure defaults, making them vulnerable to exploitation. For instance, encrypting two messages with the same key and IV in CTR mode reveals the XOR of their plaintexts, severely compromising security.

The contrast between how maintainers responded to this issue highlights the importance of responsible software practices. While strongSwan addressed a related vulnerability comprehensively, aes-js/pyaes' maintainer took a more cavalier approach. This disparity underscores the critical need for developers to prioritize encryption best practices and avoid relying on default values that compromise security. The broader implication
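
The keystream reuse described above, as an added example that is not code from the article, aes-js or pyaes. It uses Node's built-in crypto module; `FIXED_COUNTER`, `encryptWithFreshNonce` and the sample messages are constructed for illustration, with a 16-byte counter block equal to 1 assumed as a stand-in for a fixed default.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: a 16-byte counter block equal to 1 stands in for a fixed default IV.
const FIXED_COUNTER = Buffer.concat([Buffer.alloc(15), Buffer.from([1])]);

// AES-128-CTR encryption with a caller-supplied initial counter block.
function ctrEncrypt(key, counterBlock, plaintext) {
  const cipher = nodeCrypto.createCipheriv("aes-128-ctr", key, counterBlock);
  return Buffer.concat([cipher.update(plaintext), cipher.final()]);
}

// Byte-wise XOR over the shorter of the two buffers.
function xor(a, b) {
  const out = Buffer.alloc(Math.min(a.length, b.length));
  for (let i = 0; i < out.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Hypothetical hardened wrapper: there is no default. Every message gets a
// fresh random 96-bit nonce followed by a 32-bit block counter starting at 0,
// and the counter block is returned so it can be stored next to the ciphertext.
function encryptWithFreshNonce(key, plaintext) {
  const counterBlock = Buffer.concat([nodeCrypto.randomBytes(12), Buffer.alloc(4)]);
  return { counterBlock, ciphertext: ctrEncrypt(key, counterBlock, plaintext) };
}

function demo() {
  const key = nodeCrypto.randomBytes(16);
  // Constructed sample messages.
  const p1 = Buffer.from("invoice 0001: paid in full");
  const p2 = Buffer.from("invoice 0002: still open!!");
  const plainXor = xor(p1, p2);

  // Same key, same fixed counter: both messages use one keystream, so it
  // cancels out and the ciphertext XOR equals the plaintext XOR.
  const c1 = ctrEncrypt(key, FIXED_COUNTER, p1);
  const c2 = ctrEncrypt(key, FIXED_COUNTER, p2);
  const reusedLeaks = xor(c1, c2).equals(plainXor);

  // Same key, fresh nonce per message: the keystreams differ, nothing cancels.
  const s1 = encryptWithFreshNonce(key, p1);
  const s2 = encryptWithFreshNonce(key, p2);
  const freshLeaks = xor(s1.ciphertext, s2.ciphertext).equals(plainXor);

  return { reusedLeaks, freshLeaks };
}

console.log(demo());
```

CTR on its own provides no integrity, so the ciphertext still needs to be authenticated separately from the nonce handling shown here.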
Originally published on Hacker News on 2/18/2026