[Owasp-leaders] Poor crypto code in OWASP phpsec hurts our reputation

erlend.oftedal at owasp.org erlend.oftedal at owasp.org
Wed Nov 25 17:50:24 UTC 2015


See https://twitter.com/voodooKobra/status/669537889500311553 and the link in that message. 

According to the OWASP website the project is inactive, yet contributions are made on github, and there are no signs of the project status on github.
The crypto code is bad, as voodooKobra rightly points out. With a known key and iv, this encryption is useless.
And the code is referenced from stackoverflow++.

When deactivating a project we need to make sure the deactivation is clearly visible on github as well.

Best regards
Erlend Oftedal
OWASP Norway