As part of publishing the app, we have scanned the APK with Veracode and found the issues below. If these are taken care of, that will be helpful on the security aspects.
1. CipherStorageBase.java
Description: Initialization vector being used here is not cryptographically strong for the underlying primitive's encryption output.
Remediation: Make sure it's cryptographically generated using a good random number generator algorithm and seeded with OS-generated entropy. Length of initialization vector should be the same as the size of the underlying block on which the cipher works. For AES with GCM mode use an initialization vector of 96 bits, and for almost all other modes use 128 bits; for stream ciphers of the Salsa/ChaCha family the initialization vector size should be 96 bits, and XSalsa and XChaCha use 192 bits of vector size.
2. CipherStorageBase.java
Description: Initialization vector being used here is not cryptographically strong for the underlying primitive's encryption output.
Remediation: Make sure it's cryptographically generated using a good random number generator algorithm and seeded with OS-generated entropy. Length of initialization vector should be the same as the size of the underlying block on which the cipher works. For AES with GCM mode use an initialization vector of 96 bits, and for almost all other modes use 128 bits; for stream ciphers of the Salsa/ChaCha family the initialization vector size should be 96 bits, and XSalsa and XChaCha use 192 bits of vector size.
Thanks for the great library.