Details

      Description

      I encountered couple of issues with cryptography used for password masking:

      • implementation of masked passwords drops initialization vector (IV) randomly generated by the javax.crypto.Cipher which makes unmasking (decryption) impossible.
      • the implementation is using the same algorithm for key derivation and encryption, which is not possible as there is no encryption support in javax.crypto.Cipher for PKDBF2 family of algorithms, they are supported only in javax.crypto.SecretKeyFactory

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  aabdelsa Ashley Abdel-Sayed
                  Reporter:
                  zregvart Zoran Regvart
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: