[Esapi-dev] HMAC validation bypass in ESAPI Symetric Encryption

Jim Manico jim.manico at owasp.org
Tue Dec 3 22:11:41 UTC 2013

> In the meantime, or actually I should say regardless, I would recommend
> using CCM or GCM cipher modes rather than CBC mode.

Are these supported well enough today? Google KeyCzar is still using CBC

More information about the Esapi-dev mailing list