On 17/07/2017 16:32, Colm O hEigeartaigh wrote:
Hi all,
When AES is used as the cipher algorithm, and if the supplied secret key
length is < 16, Encryptor prints the debug message:
"actualKey too short, adding some random characters"
However the random characters are just 0s. I think instead we should be
using some random bytes instead! Optionally we could also impose a minimum
acceptable size on the secret key length, and throw an exception if it does
not match this.
WDYT?
+1
Shall we fix this also on 1_2_X (besides 2_0_X and master)?
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/