Uploaded image for project: 'Stripes'
  1. STS-934

net.sourceforge.stripes.util.CryptoUtil does not implement crypto correctly

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Release 1.5.8
    • Fix Version/s: Release 1.6
    • Component/s: None
    • Labels:
      None

      Description

      net.sourceforge.stripes.util.CryptoUtil, multiple issues

      • does not implement AEAD cipher nor encrypt-then-mac techniques
      • encryption appears to be ECB-mode
      • 16 bit nonce
      • 16 bit hash
      • hash is not a cryptographic hash
      • hash is not a keyed mac
      • hash is performed on plaintext, not ciphertext

        Attachments

          Activity

            People

            • Assignee:
              rgrashel Rick Grashel
              Reporter:
              peter Peter Magnusson
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: