
Why is aesPreferencesKey hardcoded?

Open ilya-kuznetsov-tabby opened this issue 5 months ago • 0 comments

Hi! Could you please tell me why aesPreferencesKey is hardcoded and why it's even needed? I'm passing through a security audit and the pen-testers were able to grep

    protected String getAESPreferencesKey() {
        return "VGhpcyBpcyB0aGUga2V5IGZvciBhIHNlY3VyZSBzdG9yYWdlIEFFUyBLZXkK";
    }

that is hardcoded in the file flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/ciphers/StorageCipher18Implementation.java

I'm trying to get an idea of what it does, so please consider this issue as a discussion 🙏 Any comments?

ilya-kuznetsov-tabby, Jun 11 '25 13:06
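
A triage check an auditor can run on a grep hit like the one quoted in this issue, as an added example that is not part of the original post or of the flutter_secure_storage code base: it decodes the literal and tests whether it could be raw AES key material. The name `triage_literal` and the heuristics are assumptions made for illustration; the check says nothing about how the plugin uses the string, which has to be read from the source file named in the issue.

```python
import base64
import math
from collections import Counter

# The literal quoted in the issue above.
LITERAL = "VGhpcyBpcyB0aGUga2V5IGZvciBhIHNlY3VyZSBzdG9yYWdlIEFFUyBLZXkK"

AES_KEY_SIZES = {16, 24, 32}  # bytes: AES-128 / AES-192 / AES-256


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0); random keys sit near the top."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage_literal(literal: str) -> dict:
    """Classify a grep hit that looks like an embedded key (hypothetical helper)."""
    try:
        raw = base64.b64decode(literal, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"base64": False, "verdict": "not base64; review usage in source"}
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    result = {
        "base64": True,
        "length": len(raw),
        "aes_key_size": len(raw) in AES_KEY_SIZES,
        "printable_text": printable,
        "entropy_bits_per_byte": round(shannon_entropy(raw), 2),
        "decoded": raw.decode("ascii").strip() if printable else None,
    }
    # A valid AES key length is flagged first, even if the bytes are readable.
    if result["aes_key_size"]:
        result["verdict"] = "possible raw AES key; treat as embedded secret"
    elif printable:
        result["verdict"] = "decodes to readable text; likely a label or identifier"
    else:
        result["verdict"] = "opaque bytes of non-key length; review usage in source"
    return result


if __name__ == "__main__":
    for field, value in triage_literal(LITERAL).items():
        print(f"{field}: {value}")
```

For the literal in the issue the decoded value is 45 bytes of readable ASCII, which is not an AES key length.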