Step 1: Understanding the Error
You upgrade to Node.js 24.7.0 and suddenly your encryption code breaks with this error:
const crypto = require('crypto');
const cipher = crypto.createCipher('aes-192-cbc', 'mySecretPassword');
let encrypted = cipher.update('Hello World', 'utf8', 'hex');
encrypted += cipher.final('hex');
console.log(encrypted);
Running this on your macOS terminal:
$ node encrypt.js
Error output:
node:internal/crypto/cipher:79
this[kHandle] = new LazyTransform().init(cipher, password);
^
Error: error:00000000:lib(0):func(0):reason(0)
at Cipher.createCipher (node:internal/crypto/cipher:79:38)
at Object.createCipher (node:crypto:153:10)
at Object.<anonymous> (/Users/username/project/encrypt.js:3:23)
[DEV-MODE] Deprecated function: crypto.createCipher
The code worked perfectly fine in Node.js 20.x, but Node.js 24.7.0 completely removed the deprecated createCipher and createDecipher methods. These functions were marked as deprecated since Node.js 10.x but finally removed in the 24.x series.
Step 2: Identifying the Cause
Node.js 24.7.0 enforces stricter cryptography standards by removing legacy functions that used weak key derivation. The createCipher method derived encryption keys directly from passwords using an outdated MD5 hashing mechanism, which is cryptographically insecure.
The core issues with the old method:
Problem 1: No Salt Usage
The old createCipher generated keys without salt, making it vulnerable to rainbow table attacks. Same password always produces same key.
Problem 2: Weak Key Derivation
MD5-based key derivation is computationally cheap, allowing brute-force attacks to test millions of passwords per second.
Problem 3: Missing IV Control
The initialization vector (IV) was derived from the password in a predictable way, further weakening the encryption.
Here's what happens under the hood with the deprecated method:
// What createCipher did internally (simplified)
const crypto = require('crypto');
function oldCreateCipher(algorithm, password) {
// Derives key using MD5 - INSECURE!
const key = crypto.createHash('md5').update(password).digest();
const iv = crypto.createHash('md5').update(key).update(password).digest();
// This creates predictable keys
return crypto.createCipheriv(algorithm, key.slice(0, 24), iv.slice(0, 16));
}
Node.js 24.7.0 wants you to use proper key derivation functions like PBKDF2 or scrypt.
Step 3: Implementing the Solution
Replace createCipher with createCipheriv using proper key derivation. Here's the modern approach:
const crypto = require('crypto');
// Configuration
const ALGORITHM = 'aes-256-cbc';
const PASSWORD = 'mySecretPassword';
const SALT_LENGTH = 32;
const IV_LENGTH = 16;
const KEY_LENGTH = 32; // 256 bits for aes-256
// Function to encrypt data
function encrypt(text, password) {
// Generate random salt for key derivation
const salt = crypto.randomBytes(SALT_LENGTH);
// Derive key using PBKDF2 with 100,000 iterations
const key = crypto.pbkdf2Sync(
password,
salt,
100000, // iterations
KEY_LENGTH,
'sha256'
);
// Generate random IV
const iv = crypto.randomBytes(IV_LENGTH);
// Create cipher with derived key and IV
const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
// Encrypt the data
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
// Return salt + iv + encrypted data as single string
// This format allows decryption without storing salt/iv separately
return salt.toString('hex') + ':' + iv.toString('hex') + ':' + encrypted;
}
// Function to decrypt data
function decrypt(encryptedData, password) {
// Split the encrypted data into components
const parts = encryptedData.split(':');
const salt = Buffer.from(parts[0], 'hex');
const iv = Buffer.from(parts[1], 'hex');
const encrypted = parts[2];
// Derive the same key using the stored salt
const key = crypto.pbkdf2Sync(
password,
salt,
100000,
KEY_LENGTH,
'sha256'
);
// Create decipher
const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
// Decrypt the data
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
// Usage example
const originalText = 'Hello World';
const encrypted = encrypt(originalText, PASSWORD);
const decrypted = decrypt(encrypted, PASSWORD);
console.log('Original:', originalText);
console.log('Encrypted:', encrypted);
console.log('Decrypted:', decrypted);
Running this on macOS terminal:
$ node encrypt-fixed.js
Original: Hello World
Encrypted: a3f2c8e9...d4b6:1f8e2d...9c3a:8f4a2b...e7d1
Decrypted: Hello World
The encrypted output includes three parts separated by colons:
- Salt (32 bytes in hex = 64 characters)
- IV (16 bytes in hex = 32 characters)
- Encrypted data (variable length)
Alternative Solution Using Scrypt
Node.js 24.7.0 also supports scrypt, which is more memory-intensive and resistant to hardware attacks:
const crypto = require('crypto');
function encryptWithScrypt(text, password) {
const salt = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
// Scrypt key derivation - more secure than PBKDF2
const key = crypto.scryptSync(
password,
salt,
32, // key length
{
N: 16384, // CPU/memory cost
r: 8, // block size
p: 1 // parallelization
}
);
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
return salt.toString('hex') + ':' + iv.toString('hex') + ':' + encrypted;
}
function decryptWithScrypt(encryptedData, password) {
const parts = encryptedData.split(':');
const salt = Buffer.from(parts[0], 'hex');
const iv = Buffer.from(parts[1], 'hex');
const encrypted = parts[2];
const key = crypto.scryptSync(password, salt, 32, {
N: 16384,
r: 8,
p: 1
});
const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
// Test the scrypt implementation
const text = 'Sensitive Data';
const password = 'strongPassword123';
const encrypted = encryptWithScrypt(text, password);
const decrypted = decryptWithScrypt(encrypted, password);
console.log('Scrypt Encrypted:', encrypted);
console.log('Scrypt Decrypted:', decrypted);
Scrypt uses more memory and is slower, making brute-force attacks computationally expensive. Use scrypt when security is paramount and performance is less critical.
Migrating Existing Encrypted Data
If you have data encrypted with the old createCipher method, you need a migration strategy. You cannot directly decrypt old data with the new methods because the key derivation is different.
const crypto = require('crypto');
// Function to decrypt OLD encrypted data (Node.js < 24)
// Only use this temporarily for migration
function decryptOldFormat(encryptedHex, password) {
// Manually replicate old createDecipher behavior
const key = crypto.createHash('md5').update(password).digest();
const iv = crypto.createHash('md5').update(key).update(password).digest();
const decipher = crypto.createDecipheriv(
'aes-192-cbc',
key.slice(0, 24),
iv.slice(0, 16)
);
let decrypted = decipher.update(encryptedHex, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
// Migration script
function migrateEncryptedData(oldEncryptedData, password) {
console.log('Starting migration...');
// Decrypt using old method
const plaintext = decryptOldFormat(oldEncryptedData, password);
console.log('Decrypted old format successfully');
// Re-encrypt using new secure method
const newEncrypted = encrypt(plaintext, password);
console.log('Re-encrypted with new format');
return newEncrypted;
}
// Example migration
const oldData = '5f4dcc3b5aa765d61d8327deb882cf99'; // Old format
const newData = migrateEncryptedData(oldData, 'mySecretPassword');
console.log('Migration complete:', newData);
Run this migration script once to convert all your old encrypted data to the new format. Store the new encrypted values and remove the migration code afterwards.
Handling Environment-Specific Differences
The crypto module behavior can vary slightly across operating systems due to OpenSSL versions:
const crypto = require('crypto');
const os = require('os');
function checkCryptoSupport() {
const platform = os.platform();
console.log(`Platform: ${platform}`);
console.log(`Node version: ${process.version}`);
console.log(`OpenSSL version: ${process.versions.openssl}`);
// Check available ciphers
const ciphers = crypto.getCiphers();
console.log(`Total ciphers: ${ciphers.length}`);
// Verify aes-256-cbc is supported
if (ciphers.includes('aes-256-cbc')) {
console.log('✓ aes-256-cbc supported');
} else {
console.log('✗ aes-256-cbc NOT supported');
}
}
checkCryptoSupport();
On macOS:
$ node check-crypto.js
Platform: darwin
Node version: v24.7.0
OpenSSL version: 3.0.10
Total ciphers: 89
✓ aes-256-cbc supported
Linux and Windows should show similar results, but older systems might have different OpenSSL versions affecting available algorithms.
Common Pitfalls and Debugging Tips
Error: Invalid key length
// WRONG - key length doesn't match algorithm
const key = crypto.randomBytes(16); // 128 bits
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv); // needs 256 bits
// CORRECT - match key size to algorithm
const key = crypto.randomBytes(32); // 256 bits for aes-256
Error: Invalid IV length
// WRONG - IV length incorrect
const iv = crypto.randomBytes(32);
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
// CORRECT - CBC mode needs 16-byte IV
const iv = crypto.randomBytes(16);
Storing Encrypted Data
Always store salt and IV with your encrypted data. Without them, decryption is impossible:
// WRONG - losing salt and IV
const encrypted = encrypt(data, password);
database.save(encrypted.split(':')[2]); // Only saving encrypted part
// CORRECT - save complete string
const encrypted = encrypt(data, password);
database.save(encrypted); // Saves salt:iv:encrypted
Performance Considerations
PBKDF2 and scrypt are intentionally slow to prevent brute-force attacks. Adjust iteration counts based on your security needs:
// Fast but less secure (development only)
const keyFast = crypto.pbkdf2Sync(password, salt, 10000, 32, 'sha256');
// Balanced (recommended for most applications)
const keyBalanced = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
// Slow but very secure (high-security applications)
const keySlow = crypto.pbkdf2Sync(password, salt, 500000, 32, 'sha256');
Test on your target hardware:
console.time('Key Derivation');
const key = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
console.timeEnd('Key Derivation');
// Typical output: Key Derivation: 45ms
Aim for 50-100ms on your server hardware. This is fast enough for legitimate users but expensive for attackers.
Related Errors You Might Encounter
Error: error:1C800066 - unsupported algorithm
Node.js 24.7.0 removed several legacy algorithms. Replace them:
// REMOVED in 24.7.0: des, des3, rc4
// Use instead: aes-256-gcm, aes-256-cbc, chacha20-poly1305
Error: digital envelope routines::initialization error
This occurs when upgrading from OpenSSL 1.x to 3.x. Enable legacy provider if absolutely necessary:
$ export NODE_OPTIONS=--openssl-legacy-provider
$ node app.js
But better to update your code to use modern algorithms instead of enabling legacy mode.
The changes in Node.js 24.7.0 crypto module push developers toward more secure encryption practices. While it requires code updates, your applications will be significantly more resistant to cryptographic attacks. The new methods using proper key derivation should become your default approach for all new encryption code.