Yes why not. I will take care of it. What do you think about imposing a size constraint on the secret key length as well?
Colm. On Mon, Jul 17, 2017 at 3:34 PM, Francesco Chicchiriccò <ilgro...@apache.org > wrote: > On 17/07/2017 16:32, Colm O hEigeartaigh wrote: > >> Hi all, >> >> When AES is used as the cipher algorithm, and if the supplied secret key >> length is < 16, Encryptor prints the debug message: >> >> "actualKey too short, adding some random characters" >> >> However the random characters are just 0s. I think instead we should be >> using some random bytes instead! Optionally we could also impose a minimum >> acceptable size on the secret key length, and throw an exception if it >> does >> not match this. >> >> WDYT? >> > > > +1 > > Shall we fix this also on 1_2_X (besides 2_0_X and master)? > > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
