aes
Insecure use of unauthenticated encryption - potential message forgery/plaintext recovery
This gem uses unauthenticated AES-CBC encryption:
https://github.com/chicks/aes/blob/master/lib/aes/aes.rb#L126
AES-CBC is not an authenticated encryption mode and is vulnerable to chosen ciphertext attacks including message forgery and potentially plaintext recovery.
At the very least, AES-GCM should be the default mode.
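The difference the report describes, as an added example using Ruby's standard `openssl` library (not code from the gem or from the reporter): a one-bit change to a CBC message still decrypts without an integrity error, while the same change to a GCM message is rejected. All helper names here are hypothetical.

```ruby
require "openssl"

# Added example; helper names are hypothetical and not the aes gem's API.
def cbc_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  c.key = key
  iv = c.random_iv
  [iv, c.update(plaintext) + c.final]
end

def cbc_decrypt(key, iv, ciphertext)
  d = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  d.key = key
  d.iv = iv
  d.update(ciphertext) + d.final # no integrity check happens here
end

def gcm_encrypt(key, plaintext)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  iv = c.random_iv # fresh 96-bit nonce for every message
  ciphertext = c.update(plaintext) + c.final
  [iv, ciphertext, c.auth_tag] # 16-byte tag travels with the message
end

def gcm_decrypt(key, iv, ciphertext, tag)
  # Reject truncated tags explicitly instead of relying on the binding.
  raise ArgumentError, "tag must be 16 bytes" unless tag.bytesize == 16
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = iv
  d.auth_tag = tag
  d.update(ciphertext) + d.final # final raises CipherError on mismatch
end

# Simulates in-transit modification of one bit of a stored field.
def flip_first_bit(bytes)
  out = bytes.dup
  out.setbyte(0, out.getbyte(0) ^ 0x01)
  out
end

# True when the block raises the cipher's integrity/padding error.
def tamper_detected?
  yield
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

With a constructed message such as `"amount=100;to=alice"`, `tamper_detected? { cbc_decrypt(key, flip_first_bit(iv), ct) }` is false and the returned plaintext differs from the original, while the GCM equivalent returns true for a modified IV, ciphertext or tag.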