I never got any response on this, but it seems that the problem was nothing special with Shiro as I was able to reproduce it with just the bare Cipher using the BouncyCastle provider.
What I wound up doing was something similar but not identical to initialization vector, which is that I generate the salt at random and put the salt at the front of the encrypted byte array. Then to decrypt, I pull the salt off the front and use it to decrypt the rest of the array. I'm not a security expert, so I don't know if I'm giving up a lot by using this workaround. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Initialization-Vector-doesn-t-appear-to-be-doing-it-s-job-for-me-tp7577553p7577587.html Sent from the Shiro User mailing list archive at Nabble.com.
