I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES"); line 52
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/CryptixAESEngine.java
Open this link in a new tab
2 steps in 1 file
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[core/java/src/net/i2p/crypto/CryptoCheck.java]
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES");
line 53
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/CryptixAESEngine.java
KeyFactory kf = KeyFactory.getInstance("RSA");
// private key is modulus (pubkey) + exponent
BigInteger[] nd = split(pk.getData());
// modulus exponent
KeySpec ks = new RSAPrivateKeySpec(nd[0], nd[1]);
line 513
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[core/java/src/net/i2p/crypto/SigUtil.java]
Are you talking about the array of bytes? If that's the case these are best described as hardcoded non-secrets, these are expressly null values of these keys. Likely not a bug.
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. core/java/src/net/i2p/crypto/CryptixAESEngine.java Open this link in a new tab 2 steps in 1 file
Hardcoded Secret
} catch (NoSuchMethodError nsme) { // JamVM, gij try { Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); SecretKeySpec key = new SecretKeySpec(new byte[32], "AES"); 27 line
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. [core/java/src/net/i2p/crypto/CryptoCheck.java]
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
line 53
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. core/java/src/net/i2p/crypto/CryptixAESEngine.java
KeyFactory kf = KeyFactory.getInstance("RSA"); // private key is modulus (pubkey) + exponent BigInteger[] nd = split(pk.getData()); // modulus exponent KeySpec ks = new RSAPrivateKeySpec(nd[0], nd[1]); line 513
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. [core/java/src/net/i2p/crypto/SigUtil.java]