Hi Steve,
thanks so much for your feedback. We will change the AES implementation
asap, and Stanford's JS Crypto is a perfect candidate. Thanks for
pointing it out.
We have looked at the SecureDocs project, but the code at their web only
works with old Firefox version. Do you know whether the
Hi. SafeGDocs appears to use a unsafe implementation of AES-CTR mode from
here:
http://www.movable-type.co.uk/scripts/aes.html
Two problems with this library:
- It generates a predictable CTR mode IV using time of day.
- There is apparently no authentication of the ciphertext, which in CTR
mode