Hi again, I just browsed the code. The CipherService::decrypt method is only used once, which is in AbstractRememberMeManager::decrypt.
That makes an even less API-breaking change, but it still is: CipherService::decrypt.

Also, to make it more secure, you'd need another breaking change: the encrypt method takes a byte[] but could also take a ByteSourceBroker. But from a security standpoint, this method is a little less important, because the decrypt method will be called much more often.

If you have any questions, I will be happy to help.

Best regards,
Ben

On Sun, 19 Jan 2020 at 18:50, Benjamin Marwell <[email protected]> wrote:
>
> Hello all,
>
> I was beginning to port this PR:
> https://github.com/apache/shiro/pull/36
>
> It is quite straightforward. I just got a single API question.
>
> I found that the decrypt method doesn't throw the cryptoException anymore.
>
> There are multiple ways to fix this:
>
> 1. Go ahead and document the new behaviour.
>    Custom implementations of cipher might break or need adjustment.
>
> 2. Try to decrypt and wipe immediately. This will throw the exception as
>    early as before, but now the cipher text is decrypted twice.
>
> 3. Drop the PR because of the breaking change. Maybe wiping deciphered text
>    is not that important anymore?
>
> 4. Release as shiro 2.x
>
> I do not agree with both breaking changes and not wiping the array. Since
> most users do not implement custom ciphers, I'd go for option 1.
>
>
> Original issue:
> https://issues.apache.org/jira/plugins/servlet/mobile#issue/SHIRO-349
>
> Best regards,
> Ben
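
The trade-off between options 1 and 2 in the quoted message, as an added sketch that is not code from the Shiro PR or from either message: it assumes the PR defers decryption until the bytes are used, and the `Broker` class, `decryptLazy`, `decryptEager` and the AES-GCM setup are hypothetical stand-ins, not Shiro's API.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.function.Consumer;

public class LazyDecryptDemo {
    // Hypothetical broker: keeps only ciphertext, decrypts on use, wipes the plaintext after.
    static final class Broker {
        private final byte[] key, iv, ct;
        Broker(byte[] key, byte[] iv, byte[] ct) { this.key = key; this.iv = iv; this.ct = ct; }

        void useBytes(Consumer<byte[]> user) throws GeneralSecurityException {
            byte[] plain = crypt(Cipher.DECRYPT_MODE, key, iv, ct); // a bad ciphertext fails here
            try { user.accept(plain); } finally { Arrays.fill(plain, (byte) 0); }
        }
    }

    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    // Option 1: nothing is decrypted yet, so this never throws for a bad ciphertext.
    static Broker decryptLazy(byte[] key, byte[] iv, byte[] ct) { return new Broker(key, iv, ct); }

    // Option 2: decrypt once to validate and wipe at once; the failure surfaces here,
    // and every later useBytes call decrypts the same ciphertext a second time.
    static Broker decryptEager(byte[] key, byte[] iv, byte[] ct) throws GeneralSecurityException {
        Broker b = new Broker(key, iv, ct);
        b.useBytes(p -> { });
        return b;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv,
                "constructed sample".getBytes(StandardCharsets.UTF_8));
        ct[0] ^= 1; // constructed corruption of the ciphertext

        Broker lazy = decryptLazy(key, iv, ct); // returns normally despite the corruption
        try { lazy.useBytes(p -> { }); }
        catch (GeneralSecurityException e) { System.out.println("lazy: fails at use"); }
        try { decryptEager(key, iv, ct); }
        catch (GeneralSecurityException e) { System.out.println("eager: fails at decrypt"); }
    }
}
```

Callers that relied on catching the exception around the decrypt call need their handling moved to the point of use under option 1.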
