You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently you encrypt messages using Cipher cipher = Cipher.getInstance(MessageEncryptionFactory.ENCRYPTION_ALGORITHM); with MessageEncryptionFactory.ENCRYPTION_ALGORITHM = "AES";
AES however defaults to ECB mode, which is not secure when we're talking about messages longer than 128 bit. E.g. "hiWorld!hiWorld!" would result in a regular pattern.
If you don't want to send an IV inside message (due to 160 char restriction), use a hard coded one. This way attackers could see that two SMS are the same, but at least are unable to identify patterns.
The text was updated successfully, but these errors were encountered:
Currently you encrypt messages using
Cipher cipher = Cipher.getInstance(MessageEncryptionFactory.ENCRYPTION_ALGORITHM);withMessageEncryptionFactory.ENCRYPTION_ALGORITHM = "AES";AES however defaults to ECB mode, which is not secure when we're talking about messages longer than 128 bit. E.g. "hiWorld!hiWorld!" would result in a regular pattern.
If you don't want to send an IV inside message (due to 160 char restriction), use a hard coded one. This way attackers could see that two SMS are the same, but at least are unable to identify patterns.
The text was updated successfully, but these errors were encountered: