-
For some commands, replaying contexts may lead to potential attacks.
(For instance, with AES GCM, submitting a context with the same CMID but a new plaintext could reveal other plaintext that was s…
-
rv = Cipher.getInstance("AES/CBC/NoPadding");
The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consider using Galois/Counter Mode
line 272
core/java/src/net/i2p…
-
The class DefaultJedisClientConfig overrides the getPassword method that returns a String.
Returning a string might be considered a potential security issue since an attacker might inspect the heap a…
-
This feature request was originally reported on the (now obsolete and offline) **trac** ticketing system of hashcat.net.
---
| Ticket details: | |
| --- | --- |
| Original reporter (OP): | RC4_Supp…
-
StartTLS must only be used when the server has the STARTTLS capability. Considering the fact that the connection has already commenced, the only option would be to terminate the connection again.
-
To implement a kernel for a generic Grain 128a plaintext attack.
take input [known plaintext : encrypted text] (PT:CT)
compare result bytes with specified user known-plaintext
---if…
-
Citing from the project README:
> Encryption. After compression (but before upload), all data can be AES encrypted with a 256 bit key. An additional SHA256 HMAC checksum is used to protect the data…
-
## Description
Addition of Blockchain / Crypto Related Vulnerabilities from protocols, smart contracts, and zero knowledge.
## Changes
**Decentralized Application Misconfiguration**
Decentra…
-
It would be a good idea to use multiple forms of encryption to encrypt the data.
-
**Description**
As noted in the documentation, https://pkg.go.dev/crypto/x509#EncryptPEMBlock
`Deprecated: Legacy PEM encryption as specified in [RFC 1423](https://rfc-editor.org/rfc/rfc1423.h…