Initialization vectors should be randomly generated for proper security guarantees.

As part of some research about the [common crypto mistakes that developers make](https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/), I noticed that your application has one of them.

In [TripleDES](https://github.com/cymcsg/UltimateAndroid/blob/678afdda49d1e7c91a36830946a85e0fda541971/UltimateAndroid/ultimateandroid/src/main/java/com/marshalchen/ua/common/commonUtils/urlUtils/TripleDES.java) you're initializing Cipher instances with a [static IV](https://github.com/cymcsg/UltimateAndroid/blob/678afdda49d1e7c91a36830946a85e0fda541971/UltimateAndroid/ultimateandroid/src/main/java/com/marshalchen/ua/common/commonUtils/urlUtils/TripleDES.java#L144) which is insecure. More details about this issue and how to fix it are available [here](https://doridori.github.io/Android-Security-Beware-of-the-default-IV/#sthash.SoPUiacY.dpbs).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Initialization vectors should be randomly generated for proper security guarantees. #28

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Initialization vectors should be randomly generated for proper security guarantees. #28

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions