Hi, I am currently looking into projects on GitHub which are parametrically misusing cryptographic APIs for my research, and I came across a few instances in your project where I found such misuses. These misuses have been highlighted in research papers such as
In your source code file DesEncrypter.java there is a function "DesEncrypter(String, byte[])" and at line 44:
where the iterationCount defined is 17, which is not the recommended value, i.e. 1000
In another file, AES.java, there are two functions, encrypt(byte[], string) and decrypt(byte[], string), with the following misuses at lines 34 and 49:
First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
In another file, MD5Util.java, there are two functions, encrypt(byte[], string) and decrypt(byte[], string), with the following misuses at line 50:
First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
I believe fixing these issues would help your product be more secure.
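The three parameter fixes the report asks for, shown together as an added example that is not part of the original post or the project's code. The class and method names are hypothetical, PBKDF2WithHmacSHA256 is an assumed replacement for the project's key derivation (which is not shown on the page), and the password and message are constructed samples.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class CryptoParamsExample {
    static final int ITERATIONS = 600_000; // assumed; far above the 1000 quoted in the issue
    static final int IV_LEN = 12, TAG_BITS = 128;
    static final SecureRandom RNG = new SecureRandom();

    // Password-based key via PBKDF2 with a random salt and a high iteration count.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Bare "AES" falls back to the provider default (ECB on SunJCE); name the mode.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh IV per message, never reused under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length); // layout: IV || ciphertext+tag
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN); // AEADBadTagException if modified
    }

    // SHA-256 where the code used MD5.
    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        SecretKey key = deriveKey("constructed-sample-password".toCharArray(), salt);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        System.out.println(Arrays.equals(msg, decrypt(key, encrypt(key, msg))) + " " + digest(msg).length);
    }
}
```

The salt has to be stored alongside the ciphertext so the same key can be derived again for decryption.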