Comments (5)
Reminds me of Uber. Back on topic, what's funny is this is the same code that's on StackOverflow > https://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string/10366194 (except FIDO's seems to be updated a bit more). Scroll down to the first answer and compare the two.
Also notice the salt is the same, so they could have changed the salt in their production code. It may be safer to change the salt, but considering the encryption I can't say if it honestly matters. AES shouldn't be that easily breakable just because you have the salt. I would say someone with a lot more experience would need to answer that for better information. I just wanted to reply mainly because I just saw this on StackOverflow last Friday (the question was asked 6 years ago, with the last edit in Oct 2013).
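The comment above asks whether a hard-coded salt actually matters. The following is an added example, not code from this thread or from the FIDO project; it uses PBKDF2-HMAC-SHA256 (the same primitive the .NET Rfc2898DeriveBytes class the StackOverflow pattern relies on implements) with a constructed stand-in salt, an assumed iteration count, and a constructed wordlist. It shows the concrete consequence: with a static salt, a derived key is a pure function of the passphrase, so one precomputed table recovers passphrases across every deployment that ships the same salt, whereas a fresh random salt stored in front of the ciphertext defeats that table while still letting the legitimate decryptor re-derive the key.

```python
"""Static vs per-encryption salt in PBKDF2 key derivation (added example)."""
import hashlib
import os

ITERATIONS = 100_000   # assumption: iteration count chosen for this demo
KEY_LEN = 32           # AES-256 key size in bytes
SALT_LEN = 16

# Constructed stand-in for a hard-coded salt; these are NOT the project's bytes.
STATIC_SALT = b"hard-coded-demo-salt"


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32-byte key, deterministic in (password, salt, iterations)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)


def build_table(wordlist, salt: bytes, iterations: int = ITERATIONS) -> dict:
    """Attacker-side precomputation: derived key -> candidate passphrase for ONE salt.
    With a static salt this table is built once and works against every key
    ever derived with that salt, in every install of the product."""
    return {derive_key(w, salt, iterations): w for w in wordlist}


def recover(table: dict, key: bytes):
    """Look a derived key up in the precomputed table (None if the salt differed)."""
    return table.get(key)


def new_salt() -> bytes:
    """Fresh random salt per encryption; it is not secret, only unpredictable."""
    return os.urandom(SALT_LEN)


def pack(salt: bytes, ciphertext: bytes) -> bytes:
    """Store the salt in front of the ciphertext so decryption can re-derive the key."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return salt + ciphertext


def unpack(blob: bytes):
    """Split a packed blob back into (salt, ciphertext)."""
    return blob[:SALT_LEN], blob[SALT_LEN:]


def demo():
    # Constructed wordlist standing in for an attacker's dictionary.
    wordlist = ["hunter2", "letmein", "correct horse", "Password1"]

    # 1. Static salt: one table, built once, cracks a key from any deployment.
    table = build_table(wordlist, STATIC_SALT)
    victim_key = derive_key("letmein", STATIC_SALT)
    cracked_static = recover(table, victim_key)          # -> "letmein"

    # 2. Random salt: the same table misses; the attacker must redo the
    #    whole PBKDF2 workload for every distinct salt they encounter.
    salt = new_salt()
    victim_key_random = derive_key("letmein", salt)
    cracked_random = recover(table, victim_key_random)   # -> None

    # 3. The legitimate decryptor reads the salt back out of the blob and
    #    re-derives exactly the same key, so nothing is lost by randomising it.
    blob = pack(salt, b"<ciphertext bytes would go here>")
    salt_back, _ = unpack(blob)
    same_key = derive_key("letmein", salt_back) == victim_key_random

    return cracked_static, cracked_random, same_key


if __name__ == "__main__":
    print(demo())
```

The salt does not need to be secret, only unique per derivation; what a static salt destroys is the "unique" property, turning an expensive per-target dictionary attack into a one-time precomputation. Changing the hard-coded bytes to different hard-coded bytes, as the comment above speculates, only changes which table the attacker has to build.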
@sarciszewski Thanks for the heads up, this missed my checklist. In a different branch I was using a simple algorithm to create a salt based on local attributes. I'll get that merged back in.
@dakre18, you are correct. The attribution inside this file is missing. Because we don't have a UI I ended up removing much of the encrypt/decrypt functionality, so this class currently is sparsely used. But the intention in the future is to encrypt/decrypt with this class, or something similar, when it comes to sensitive values.
Both points are valid and will be updated, thank you for your feedback.
Why did you copy code from StackOverflow into your "security product" in the first place?
Moreover, this makes me wonder where else you have copied code from that is used in some of your products.
Kind of a late response, but @blackwat3r I would check what his response was to me. That would show he was planning on using it at some point, but currently is not. Normally when you copy and paste code from the internet, you change it to meet your needs (if needed).
The best way I can put it is: why reinvent the wheel? It's fairly common for me to hear that about a lot of things, but this works very well in programming. Why recreate a class that someone else has made and that works great?
Also you need to remember that when it comes to security, it's best to get working code that's been tested, since you don't want to open up holes in your security because you don't know what you are doing or haven't tested it thoroughly enough.
I hope that clarifies it a bit, even if this response is a bit late.
This appears unfixed, six months later.