Fork and VM clone safety

Affected Versions
All Tink versions
Affected Key Types


In general, Tink does not aim to provide security if the program calls the UNIX fork() system call, or if the program is cloned on a virtual machine and then executed multiple times from the same state.

The only known concrete problem affects Streaming AEAD with key type AES-GCM-HKDF. In this case, such an attack can lead to Tink encrypting different plaintexts with AES-GCM using the same nonce, which is known to leak the authentication key.
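
The state duplication behind this issue, shown as an added example that is not Tink code: a toy in-process generator (an assumption made for illustration, with hypothetical names throughout) hands the same 64-bit nonce prefix to parent and child after fork() unless it reseeds when the PID changes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/random.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy in-process generator (splitmix64): a stand-in for any random state
 * held in user memory. Hypothetical, not Tink's generator. */
struct gen { uint64_t state; pid_t owner; };

static int seed(struct gen *g) {
    if (getrandom(&g->state, sizeof g->state, 0) != (ssize_t)sizeof g->state) return -1;
    g->owner = getpid();
    return 0;
}

static uint64_t draw(struct gen *g, int guarded) {
    /* Guard: a changed PID means fork() copied this state. Reseed or fail closed. */
    if (guarded && g->owner != getpid() && seed(g) != 0) abort();
    uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Seeds once, forks, then draws one 64-bit nonce prefix in parent and child.
 * Returns 1 if both drew the same value, 0 if they differ, -1 on error. */
int nonce_prefix_collides(int guarded) {
    struct gen g;
    int fd[2], status;
    uint64_t child_val = 0;
    if (seed(&g) != 0 || pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: starts from a copy of the parent's memory */
        uint64_t v = draw(&g, guarded);
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &child_val, sizeof child_val);
    close(fd[0]);
    if (waitpid(pid, &status, 0) != pid || n != (ssize_t)sizeof child_val) return -1;
    return draw(&g, guarded) == child_val;
}

int main(void) {
    printf("unguarded: %d, guarded: %d\n", nonce_prefix_collides(0), nonce_prefix_collides(1));
    return 0;
}
```

A PID check does not detect a VM clone, because every copy resumed from the same snapshot keeps the same PID and memory image.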