警告：使用Cipheriv作为aes-256-ctr的计数器模式

Question

在终端中有此警告，有问题跟踪来源或其实际原因/原因。

(node:37770) Warning: Use Cipheriv for counter mode of aes-256-ctr
(node:37770) Warning: Use Cipheriv for counter mode of aes-256-ctr

不幸的是，提供的信息不多。我理解它与Node有关，但不知道如何解决它。 https://nodejs.org/api/crypto.html

节点-v stable 8.9.0 (bottled), HEAD

的package.json

"dependencies": {
    "axios": "^0.17.0",
    "babel-plugin-wrap-in-js": "^1.1.1",
    "babel-runtime": "^6.26.0",
    "body-parser": "^1.18.2",
    "compression": "^1.7.1",
    "cookie": "^0.3.1",
    "dotenv": "^4.0.0",
    "express": "^4.16.2",
    "express-session": "^1.15.6",
    "firebase": "^4.6.0",
    "firebase-admin": "^5.4.3",
    "isomorphic-unfetch": "^2.0.0",
    "js-cookie": "^2.2.0",
    "lusca": "^1.5.2",
    "next": "^4.1.4",
    "next-redux-wrapper": "^1.3.4",
    "node-sass": "^4.5.3",
    "now-logs": "0.0.7",
    "nprogress": "^0.2.0",
    "orm": "^4.0.1",
    "prop-types": "^15.6.0",
    "raw-loader": "^1.0.0-beta.0",
    "react": "^16.0.0",
    "react-dom": "^16.0.0",
    "react-redux": "^5.0.6",
    "react-stripe-checkout": "^2.6.3",
    "react-stripe-elements": "^1.2.0",
    "react-transition-group": "^2.2.1",
    "redux": "^3.7.2",
    "redux-thunk": "^2.2.0",
    "sass-loader": "^6.0.6",
    "session-file-store": "^1.1.2",
    "styled-jsx": "^2.1.2",
    "timeme.js": "^2.0.3",
    "uuid": "^3.1.0",
    "webpack": "^3.8.1"
  }

Answer 1

我遇到了类似的问题，经过这个问题 node issue 并查看this section的底部 看起来不建议使用aes-256-ctr而不使用随机输入进行抖动。将此更新为另一种算法后，错误就消失了。

如果您不在代码中使用加密，我不确定您的哪个deps可能会抛出这个。它可能会出现搜索createCipher或aes-256-ctr。

Answer 2

你必须使用createCipheriv方法

Answer 3

似乎与Node 8和session-file-store模块有关的问题。

https://github.com/valery-barysok/session-file-store/issues/65

Answer 4

用于上述警告

var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'test@1234';
var iv = Buffer.from(Array.prototype.map.call(Buffer.alloc(16), () => {return Math.floor(Math.random() * 256)}));
var key = Buffer.concat([Buffer.from(password)], Buffer.alloc(32).length);
var cipher = crypto.createCipheriv(algorithm,password,iv)

在createCipheriv方法中，我们需要为iv创建一个缓冲区，并为包含密码的密钥创建一个缓冲区

代替

var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'test@1234';
var cipher = crypto.createCipher(algorithm,password)

，同时将数据转换为密码。 它将删除警告