Fork and VM clone safety

Affected Versions
All Tink versions
Affected Key Types
Streaming AEAD, AES-GCM-HKDF

Description

In general, Tink does not aim to provide security if the program calls the UNIX fork() system call, or if the program is cloned on a virtual machine and then executed multiple times from the same state.

The only known concrete problem affects Streaming AEAD with key type AES-GCM-HKDF. In this case, such an attack can lead to Tink encrypting different plaintexts with AES-GCM using the same nonce, which is known to leak the authentication key.
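
The state duplication described above can be reproduced with a toy model; this is an added example, not Tink code. ToyStream, its field layout (random salt and nonce prefix plus a segment counter) and the pid guard are assumptions made for illustration.

```python
import os
import secrets
import struct

class ToyStream:
    """Simplified model (assumption) of a streaming encryptor's per-stream state."""
    def __init__(self):
        self.salt = secrets.token_bytes(16)         # stands in for per-stream key material
        self.nonce_prefix = secrets.token_bytes(7)  # random part of every segment nonce
        self.segment = 0                            # counter part of the nonce
        self.owner_pid = os.getpid()                # recorded so a fork() can be noticed

    def next_nonce(self, guard=False):
        if guard and os.getpid() != self.owner_pid:
            raise RuntimeError("stream state inherited across fork(); start a new stream")
        nonce = self.nonce_prefix + struct.pack(">I", self.segment)
        self.segment += 1
        return self.salt + nonce  # key material and nonce as one byte string

def child_output(stream, guard):
    """fork(), let the child use the inherited stream, and return what it reports."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: same memory image as the parent at the time of fork()
        os.close(r)
        try:
            out = stream.next_nonce(guard)
        except RuntimeError:
            out = b"REFUSED"
        os.write(w, out)
        os._exit(0)
    os.close(w)
    with os.fdopen(r, "rb") as pipe:
        data = pipe.read()
    os.waitpid(pid, 0)
    return data

def demo():
    stream = ToyStream()                       # created before fork(), as in the scenario above
    child = child_output(stream, guard=False)
    parent = stream.next_nonce()               # parent continues from the same counter value
    guarded = child_output(ToyStream(), guard=True)
    return child == parent, guarded

if __name__ == "__main__":
    reused, guarded = demo()
    print("same key/nonce pair in parent and child:", reused)
    print("child with pid guard:", guarded.decode())
```

The pid check only notices fork(); a cloned virtual machine resumes with the same process id, so there the stream state has to be created after the clone starts running.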