On 2016-12-23 13:28:33 +0100, RedTeam Pentesting GmbH wrote: > res = apr_crypto_passphrase(&key, &ivSize, passphrase, > strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t), > *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); CBC. Again. The earliest mention of CFB which I know is dated 1989. The earliest mention of CTR which I know is dated 1990-ies. But there still are people who use CBC... Please, PLEASE, PPLEEEEAASSSE don't use it. Instead, use either Blowfish in CFB mode or at least Rijndael (AES) in CTR (or GCM) mode - both are available, for example, in the OpenSSL library.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment