This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Talk:Using the Java Cryptographic Extensions"
(Padding for AES Encryption?) |
(→AES mode on this page is insecure: new section) |
||
Line 5: | Line 5: | ||
Please let me know. | Please let me know. | ||
+ | |||
+ | == AES mode on this page is insecure == | ||
+ | |||
+ | The example for AES did not specify a mode which results in the default of ECB mode in most JCE providers!! I fixed that line and commented, but this will need some other work as it is not providing any Initialization Vector (IV) to the AES encryption since it was using ECB mode originally (bad). Will try to fix this with a working example. |
Revision as of 16:52, 27 May 2014
While performing AES encryption using SunJCE provider, I did not see usuage of the mode in the program provided. I have few questions: Do we really need to specify the mode when using AES? Does PaddingException happen with AES and how do we prevent the PaddingException?
Please let me know.
AES mode on this page is insecure
The example for AES did not specify a mode which results in the default of ECB mode in most JCE providers!! I fixed that line and commented, but this will need some other work as it is not providing any Initialization Vector (IV) to the AES encryption since it was using ECB mode originally (bad). Will try to fix this with a working example.