This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Talk:Using the Java Cryptographic Extensions"

From OWASP
Jump to: navigation, search
(Padding for AES Encryption?)
 
(AES mode on this page is insecure: new section)
Line 5: Line 5:
  
 
Please let me know.
 
Please let me know.
 +
 +
== AES mode on this page is insecure ==
 +
 +
The example for AES did not specify a mode which results in the default of ECB mode in most JCE providers!!  I fixed that line and commented, but this will need some other work as it is not providing any Initialization Vector (IV) to the AES encryption since it was using ECB mode originally (bad).  Will try to fix this with a working example.

Revision as of 16:52, 27 May 2014

While performing AES encryption using SunJCE provider, I did not see usuage of the mode in the program provided. I have few questions: Do we really need to specify the mode when using AES? Does PaddingException happen with AES and how do we prevent the PaddingException?

Please let me know.

AES mode on this page is insecure

The example for AES did not specify a mode which results in the default of ECB mode in most JCE providers!! I fixed that line and commented, but this will need some other work as it is not providing any Initialization Vector (IV) to the AES encryption since it was using ECB mode originally (bad). Will try to fix this with a working example.