This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Using the Java Cryptographic Extensions

From OWASP
Revision as of 16:52, 27 May 2014 by Jaxley (talk | contribs) (AES mode on this page is insecure: new section)

Jump to: navigation, search

While performing AES encryption using SunJCE provider, I did not see usuage of the mode in the program provided. I have few questions: Do we really need to specify the mode when using AES? Does PaddingException happen with AES and how do we prevent the PaddingException?

Please let me know.

AES mode on this page is insecure

The example for AES did not specify a mode which results in the default of ECB mode in most JCE providers!! I fixed that line and commented, but this will need some other work as it is not providing any Initialization Vector (IV) to the AES encryption since it was using ECB mode originally (bad). Will try to fix this with a working example.