android-wallet-app
TO DELETE
DELETED
Hi, I would like to try to fix it. Could someone advise how to proceed? Do we just need to create a random byte array?
After reading this:
https://medium.com/@tiensinodev/basic-android-encryption-dos-and-don-ts-7bc2cd3335ff
https://stackoverflow.com/questions/31036780/android-cryptography-api-not-generating-safe-iv-for-aes
https://stackoverflow.com/questions/29267435/generating-random-iv-for-aes-in-java

I think maybe something like this should work:

```java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;

// Fresh random 16-byte IV for each encryption; cipher and keySpec come from the existing code
SecureRandom r = new SecureRandom();
byte[] ivBytes = new byte[16];
r.nextBytes(ivBytes);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(ivBytes));
```

But I have no idea how to replace line 51 with the above to keep it safe, so no pull request from my side.
Looks like SecureRandom will work, but there's one possible problem with that. According to the Java docs (https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html), SecureRandom could possibly block the thread that calls .nextBytes(...). I haven't dived into where the constructor lies for this class, but if it's on a thread such as the main UI thread, then the solution might not be as simple as a one-liner.