AESCipher initializes with:
this.cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(cipher));
CBC is subject to Padding Oracle attacks
(https://blog.skullsecurity.org/2013/padding-oracle-attacks-in-depth).
It would probably be worthwhile porting over SICBlockCipher (bouncy castle's
CTR mode) and switching the default to CTR.
Original issue reported on code.google.com by quickte...@gmail.com on 14 Feb 2014 at 12:14
Original issue reported on code.google.com by
quickte...@gmail.com
on 14 Feb 2014 at 12:14