Andreas Lehmkühler created PDFBOX-4191:
------------------------------------------
Summary: Initialization vectors should be randomly generated for
proper security guarantees
Key: PDFBOX-4191
URL: https://issues.apache.org/jira/browse/PDFBOX-4191
Project: PDFBox
Issue Type: Bug
Components: Crypto
Affects Versions: 2.0.9, 3.0.0 PDFBox
Reporter: Andreas Lehmkühler
Assignee: Andreas Lehmkühler
Rumen Paletov created the following issue for Android-Pdfbox on GitHub:
{quote}
As part of some research about the [common crypto mistakes that developers
make|https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/],
I noticed that your application has one of them.
In StandardSecurityHandler.prepareEncryptionDictRev6 you're initializing Cipher
instances with a static IV of 0s which is insecure. More details about this
issue and how to fix it are available
[here|https://doridori.github.io/Android-Security-Beware-of-the-default-IV/#sthash.SoPUiacY.dpbs].
{quote}
This is true for "our" PDFBox as well.