syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Encryptor + AES + key size
Date Mon, 17 Jul 2017 14:38:31 GMT
Yes why not. I will take care of it. What do you think about imposing a
size constraint on the secret key length as well?

Colm.

On Mon, Jul 17, 2017 at 3:34 PM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:

> On 17/07/2017 16:32, Colm O hEigeartaigh wrote:
>
>> Hi all,
>>
>> When AES is used as the cipher algorithm, and if the supplied secret key
>> length is < 16, Encryptor prints the debug message:
>>
>> "actualKey too short, adding some random characters"
>>
>> However the random characters are just 0s. I think instead we should be
>> using some random bytes instead! Optionally we could also impose a minimum
>> acceptable size on the secret key length, and throw an exception if it
>> does
>> not match this.
>>
>> WDYT?
>>
>
>
> +1
>
> Shall we fix this also on 1_2_X (besides 2_0_X and master)?
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message