Re: Java encryption implementation

Sebastian Gottschalk wrote:
> Besides that, the class itself is insecure as hell. One can easily extend
> it, serialize everything and either extract the password fromt he
> bytestream or deserialize it into public variables. Not to metion that by
> calling encrypt() with an empty byte[] and false moves the password to
> seed, therefore allowing to easily extract the password as initial seed
> value.

What's the threat model in which this is significant? The attacker not
only gets to load executable code, but gets to replace one
implementation with another? A few "final"s and "private"s aren't going
to help with that.

Brian
Received on Sat Dec 3 04:20:04 2005