github
/
apprise
mirror of https://github.com/caronc/apprise
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated Notify_simplepush (markdown)

master
Chris Caron 2024-10-03 21:38:50 -04:00
parent ba96524751
commit ba7275ab8e
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Notify_simplepush.md

@ -8,6 +8,13 @@ SimplePush is a pretty straight forward messaging system you can get for your An
You can optionally add additional notification encryption in the settings where it provides you with a **{salt}** value and allows you to configure/set your own encryption **{password}**. You can optionally add additional notification encryption in the settings where it provides you with a **{salt}** value and allows you to configure/set your own encryption **{password}**.
### :lock: AES-CBC-128 Encryption Weakness
The Apprise team recognizes that the encryption used by this plugin is AES-CBC-128 which has been identified to have weaknesses including being vulnerable to the padding oracle attack ([Reference](https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/#aes-gcm-vs-aes-cbc)).
If the level of encryption is not satisfactory to you, your options are reach out to SimplePush to improve their security (to which Apprise can accomodate), or choose not to use Simple Push.
What is important to identify is this weak encryption is required to use this plugin, and does not have any cascading effect or impact any other secure notification service also supported by Apprise.
### Syntax ### Syntax
Valid authentication syntaxes are as follows: Valid authentication syntaxes are as follows:
* `spush://{apikey}/` * `spush://{apikey}/`