Main example is very flawed?

[OGmetamonkey]

I believe the main page AES example for this library results in security flaws. The main example uses this libraries default AES encryption method and is shown below:

import 'package:encrypt/encrypt.dart';

void main() {
  final plainText = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit';
  final key = Key.fromUtf8('my 32 length key................');
  final iv = IV.fromLength(16);

  final encrypter = Encrypter(AES(key));

  final encrypted = encrypter.encrypt(plainText, iv: iv);
  final decrypted = encrypter.decrypt(encrypted, iv: iv);

  print(decrypted); // Lorem ipsum dolor sit amet, consectetur adipiscing elit
  print(encrypted.base64); // R4PxiU3h8YoIRqVowBXm36ZcCeNeZ4s1OvVBTfFlZRdmohQqOpPQqD1YecJeZMAop/hZ4OxqgC1WtwvX/hP9mw==
}

The AES mode above is AES/SIC/PKCS7 per AES.dart.

Please correct me if I am wrong. Doesn't utilizing this method as implemented in the example have the following security flaws?

1. The IV uses the same input every time (0) and does not utilize a random generator function 2. PKCS7 padding is used even though this is a stream cipher mode. 3. No authenticity/integrity checks. Is there a GCM implementation? 4. What is the difference in the provided SIC and CTR modes? **5. Given key derivation approach pads the key with "..." until it reaches 32 bytes. Is there a better key derivation function available? (Such as PBKDF2)