On 17/07/2017 16:38, Colm O hEigeartaigh wrote:
Yes why not. I will take care of it. What do you think about imposing a
size constraint on the secret key length as well?

I don't have any strong opinion WRT this, I'll trust your experience, then :-)

Regards.

On Mon, Jul 17, 2017 at 3:34 PM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

On 17/07/2017 16:32, Colm O hEigeartaigh wrote:

Hi all,

When AES is used as the cipher algorithm, and if the supplied secret key
length is < 16, Encryptor prints the debug message:

"actualKey too short, adding some random characters"

However, the random characters are just 0s. I think we should be
using some random bytes instead! Optionally we could also impose a minimum
acceptable size on the secret key length, and throw an exception if it does
not match this.

WDYT?

+1

Shall we fix this also on 1_2_X (besides 2_0_X and master)?

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
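
The three behaviours discussed in this thread, side by side, as an added example that is not Syncope's Encryptor code: zero padding of a short AES secret, random-byte padding, and rejecting the secret outright. Class and method names are hypothetical, the sample secrets are constructed, and the strict check goes slightly beyond the thread's "minimum size" by accepting only the valid AES key lengths (16, 24 or 32 bytes).

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; names are hypothetical, not taken from Syncope.
public class AesKeyLengthDemo {
    static final int MIN_KEY_BYTES = 16; // AES-128 key size

    // Behaviour reported in the thread: a short secret is filled up with 0x00 bytes.
    static byte[] zeroPad(String secret) {
        byte[] raw = secret.getBytes(StandardCharsets.UTF_8);
        return raw.length >= MIN_KEY_BYTES ? raw : Arrays.copyOf(raw, MIN_KEY_BYTES);
    }

    // First proposal: fill the gap with bytes from a CSPRNG instead of zeros.
    static byte[] randomPad(String secret) {
        byte[] raw = secret.getBytes(StandardCharsets.UTF_8);
        if (raw.length >= MIN_KEY_BYTES) return raw;
        byte[] key = Arrays.copyOf(raw, MIN_KEY_BYTES);
        byte[] fill = new byte[MIN_KEY_BYTES - raw.length];
        new SecureRandom().nextBytes(fill);
        System.arraycopy(fill, 0, key, raw.length, fill.length);
        return key;
    }

    // Second proposal: throw instead of padding (assumption: exact AES lengths only).
    static SecretKeySpec strictKey(String secret) {
        byte[] raw = secret.getBytes(StandardCharsets.UTF_8);
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalArgumentException("secret key must be 16, 24 or 32 bytes, got " + raw.length);
        }
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) {
        String shortSecret = "changeme"; // constructed sample value, 8 bytes
        // Half of this key is fixed zeros: only the 8 configured bytes are secret.
        System.out.println("zero-padded key: " + Arrays.toString(zeroPad(shortSecret)));
        // Random fill differs on every call, so the key cannot be rebuilt from the
        // configured secret alone; the padded key itself would have to be stored.
        System.out.println("random pads equal: "
            + Arrays.equals(randomPad(shortSecret), randomPad(shortSecret)));
        try {
            strictKey(shortSecret);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("accepted: " + strictKey("0123456789abcdef").getAlgorithm());
    }
}
```

Rejecting the short secret is the only one of the three that keeps the key both full-strength and reproducible from configuration.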
