I have also been flagged for vulnerable padding being used in my Huawei proprietary libraries and using. I would like to understand if upgrading the Huawei library will help remediate this vulnerability?
Incorporate a secure checksum known as a Message Authentication Code. This MAC is typically produced by a secure "keyed hash", using the same key that encrypted the message. The message is first encrypted, and then the ciphertext, along with information about how it was encrypted such as the cipher algorithm, cipher mode, key size, block size and IV, is hashed using the MAC algorithm and the same key.
I have also been flagged for vulnerable padding being used in my Huawei proprietary libraries and using. I would like to understand if upgrading the Huawei library will help remediate this vulnerability?
code snippet Cipher cipher = Cipher.getInstance("AES/CBC/PKS5Padding")
Recommendation
Incorporate a secure checksum known as a Message Authentication Code. This MAC is typically produced by a secure "keyed hash", using the same key that encrypted the message. The message is first encrypted, and then the ciphertext, along with information about how it was encrypted such as the cipher algorithm, cipher mode, key size, block size and IV, is hashed using the MAC algorithm and the same key.