crypto: move createCipher to runtime deprecation (!22089) · Merge requests · Rodrigo Test / Test Group-nodejs / node

createCipher is still being used, but it seems appropriate to have a runtime deprecation in one of the next major releases. Reasons include:

It uses static IVs: Encrypting the same message with the same password will always yield the same ciphertext. While this is generally considered bad practice and can lead to severe security issues on its own, it also means that any counter-mode cipher is more or less useless when used with createCipher, see https://github.com/nodejs/node/pull/13821.
Its KDF is non-configurable and doesn't use a salt, meaning that the same password always results in the same key. It also allows brute-force attacks since computing MD5 with a single iteration is incredibly fast on modern processors / GPUs.
There are instances where using createCipher is relatively secure, but its simple API makes it especially appealing to people who are new to cryptography, possibly leading to immense security risks.
It has been documentation-only deprected since node 10, see https://github.com/nodejs/node/pull/19343.
If people want to have this functionality for whatever reason, it is still possible by using createCipheriv (thanks to https://github.com/nodejs/node/pull/18644) and manually deriving the static key / IV. If people are using this for legitimate reasons, we can still un-deprecate it.

Admin message