:crypto.hash is definitely digging in the wrong spot.
The post from @ChristopheBelpaire almost has it, but the cipher + mode need to match the defaults that encrypt is using:
- it appears to pick the block size based on the key, so a 32-byte key → AES-256
- the default
AESModeisSIC, also known asCTR
In addition, the given IV has an explicit \ in it, so it needs to be written as \\ inside ".
Putting it all together:
secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
iv = "}Lq5Wu~nkr\\Vdfm~"
payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")
:crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)
# result: "Fantastic\a\a\a\a\a\a\a"
HOWEVER
Using a fixed IV in CTR mode is BAD. Real bad. The original code you posted gets the IV from dotenv, which leads me to believe the same value is used for every encryption.
Reusing an IV for CTR mode means that an attacker that knows ONE plaintext and the corresponding ciphertext can read ANY shorter ciphertext, because the “key stream” is identical for every encryption operation.
A demonstration:
defmodule CompareStream do
def to_bytes(s) do
for <<x::8 <- s>>, do: x
end
def xor(s1, s2) do
[to_bytes(s1), to_bytes(s2)]
|> Enum.zip()
|> Enum.map(fn {b1, b2} -> Bitwise.bxor(b1, b2) end)
end
end
secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
iv = "}Lq5Wu~nkr\\Vdfm~"
payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")
message = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)
other_message = "lolwut\a\a\a\a\a\a\a\a\a\a"
other_payload = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, other_message, true)
CompareStream.xor(message, payload) |> IO.inspect(label: "first key stream")
CompareStream.xor(other_message, other_payload) |> IO.inspect(label: "second key stream")
This prints:
first key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]
second key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]
Generally, you want to use a mode like CTR with an IV that is sent along with the encrypted result and “never” reused. I put “never” in quotes because most implementations settle for something like a 128-bit cryptographically-random number, which could technically repeat if you collected about 2^64 of them but is close enough to “never” for most purposes.






















