  1. Openfire
  2. OF-1533

Initialization vectors should be randomly generated

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.3.0
    • Component/s: Core

      Description

      In AesEncryptor.cipher you’re initializing a Cipher instance with a static IV2 which is insecure.

      One possible solution would be to generate the initialization vector using SecureRandom:

      byte[] iv = new byte[16];
      new SecureRandom().nextBytes(iv);


            People

            Assignee:
            gdt Greg Thomas
            Reporter:
            wroot wroot