Ahh, well, this is actually a field where I know a lot, since it is my job. Let me distill the thread above.
1. Don’t implement the underlying crypto yourself
2. CBC is hard to get right
3. There are a lot of esoteric attacks and if you have a nation state attacking you they could exploit them, but they won’t because they will just put some crap on your systems and do it easier.
Also, this is a very simple use case in which to get authenticated CBC correct. So, the real answer is “don’t do this, but it is probably okay in this one use case, assuming they didn’t implement all of this themselves (e.g. the crypto algorithms themselves)”.
You should still listen to tptacek though. Use an authenticated crypto mode :)
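As an added illustration (not code from the commenter or any project), here is what "authenticated CBC done correctly" has to include, in Go: encrypt-then-MAC with a MAC key separate from the encryption key, length and tag checks in constant time before a single block is decrypted, and padding that is only stripped after the tag has passed. The keys and message are constructed for the demo; an AEAD such as AES-GCM (`cipher.NewGCM`) gives you all of this in one call, which is the advice the thread ends on.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)
var errAuth = errors.New("authentication failed")
// sealCBC: AES-CBC (PKCS#7, fresh random IV), then HMAC-SHA256 over IV||ct (encrypt-then-MAC); output IV||ct||tag.
func sealCBC(block cipher.Block, macKey, pt []byte) []byte {
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(pt[:len(pt):len(pt)], bytes.Repeat([]byte{byte(n)}, n)...) // copies, never aliases pt
	out := make([]byte, aes.BlockSize+len(padded))
	rand.Read(out[:aes.BlockSize]) // crypto/rand.Read never returns an error (Go 1.24+)
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	m := hmac.New(sha256.New, macKey)
	m.Write(out)
	return m.Sum(out)
}
// openCBC checks length and tag (constant time) BEFORE any decryption: tampering is rejected with no padding leak.
func openCBC(block cipher.Block, macKey, msg []byte) ([]byte, error) {
	if len(msg) < 2*aes.BlockSize+sha256.Size || (len(msg)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errAuth
	}
	body := msg[:len(msg)-sha256.Size]
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	if !hmac.Equal(m.Sum(nil), msg[len(body):]) {
		return nil, errAuth
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	if n := int(pt[len(pt)-1]); n >= 1 && n <= aes.BlockSize { // always true once the MAC has passed
		return pt[:len(pt)-n], nil
	}
	return nil, errAuth
}
func main() {
	block, _ := aes.NewCipher(bytes.Repeat([]byte{0x11}, 16)) // constructed demo keys; MAC key must differ
	macKey := bytes.Repeat([]byte{0x22}, 32)
	msg := sealCBC(block, macKey, []byte("transfer 100 to alice"))
	msg[aes.BlockSize] ^= 1 // flip one ciphertext bit: openCBC must now refuse it
	_, err := openCBC(block, macKey, msg)
	fmt.Println("tampered message rejected:", err == errAuth)
}
```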