You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I am new to SmartTube, and when I was browsing the code I found some potential risks.
Random is used
In the file CachedContentIndex.java the Random is define here, and later it's used to generate the IV here.
It's not secure enough, and should switch to SecreRandom for better security.
Derive key from hash
In the file AesCipherDataSource.java the nonce is generated from hash here.
It cannot provide enough randomness and can be predictable. Generating the nonce by SecureRandom can be better.
The text was updated successfully, but these errors were encountered:
Hi, I am new to SmartTube, and when I was browsing the code I found some potential risks.
Random is used
In the file
CachedContentIndex.java
theRandom
is define here, and later it's used to generate the IV here.It's not secure enough, and should switch to
SecreRandom
for better security.Derive key from hash
In the file
AesCipherDataSource.java
the nonce is generated from hash here.It cannot provide enough randomness and can be predictable. Generating the nonce by
SecureRandom
can be better.The text was updated successfully, but these errors were encountered: