[Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation

• Previous message: [Owasp-leaders] Initiative Bounty program - Heavier testing and requirements for Defender Libraries
• Next message: [Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

See https://twitter.com/voodooKobra/status/669537889500311553 and the link in that message. 

According to the OWASP website the project is inactive, yet contributions are made on github, and there are no signs of the project status on github.
The crypto code is bad, as voodooKobra rightly points out. With a known key and iv, this encryption is useless.
And the code is referenced from stackoverflow++.

When deactivating a project we need to make sure the deactivation is clearly visble on github as well.

Best regards
Erlend Oftedal
OWASP Norway
@webtonull
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151125/3b0107e2/attachment.html>

• Previous message: [Owasp-leaders] Initiative Bounty program - Heavier testing and requirements for Defender Libraries
• Next message: [Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]