#204 Improve Encryption used by FlexWiki.Security

FlexWiki
closed-fixed
John Davidson
5
2008-10-19
2008-10-19
John Davidson
No

FlexWiki.Security uses RC2 with a weak implementation of key generation, making it vulnerable to attacks against the CAPTCHA implementation

Discussion

  • John Davidson
    John Davidson
    2008-10-19

    Build 2.1.0.273

    Changed the CSP to RinjdaelManaged from RC2 and revised the algorithm for key generation so that it was not just the passphrase converted to a byte array, but generated by PasswordDeriveBytes using an MD5 hash.

    Added a unit test for Encrypt/Decrypt.

     
  • John Davidson
    John Davidson
    2008-10-19

    • status: open --> closed-fixed