We're updating the issue view to help you get more done. 

net.sourceforge.stripes.util.CryptoUtil does not implement crypto correctly

Description

net.sourceforge.stripes.util.CryptoUtil, multiple issues

  • does not implement AEAD cipher nor encrypt-then-mac techniques

  • encryption appears to be ECB-mode

  • 16 bit nonce

  • 16 bit hash

  • hash is not a cryptographic hash

  • hash is not a keyed mac

  • hash is performed on plaintext, not ciphertext

Environment

None

Status

Assignee

Rick G

Reporter

Peter Magnusson

Labels

None

Tester

None

Fix versions

Affects versions

Release 1.5.8

Priority

Major