emerose · January 15, 2010 22:22
diff --git a/ESAPI.properties b/ESAPI.properties
 # Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
 # the IV does not need to be hidden from adversaries, it is important that the
 # adversary not be allowed to choose it. Also, random IVs are generally much more
 # secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
 # such as CFB and OFB use a different IV for each encryption with a given key so
 # in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
 # IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
 # uncomment the Encryptor.fixedIV.
 #
 # Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
 Encryptor.ChooseIVMethod=random
 # If you choose to use a fixed IV, then you must place a fixed IV here that
 # is known to all others who are sharing your secret key. The format should
 # be a hex string that is the same length as the cipher block size for the
 # cipher algorithm that you are using. The following is an example for AES
 # from an AES test vector for AES-128/CBC as described in:
 # NIST Special Publication 800-38A (2001 Edition)
 # "Recommendation for Block Cipher Modes of Operation".
 # (Note that the block size for AES is 16 bytes == 128 bits.)
 #
 Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
	# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
	# (All cipher modes except ECB require an IV.) There are two choices: we can either
	# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
	# the IV does not need to be hidden from adversaries, it is important that the
	# adversary not be allowed to choose it. Also, random IVs are generally much more
	# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
	# such as CFB and OFB use a different IV for each encryption with a given key so
	# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
	# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
	# uncomment the Encryptor.fixedIV.
	#
	# Valid values: random\|fixed\|specified 'specified' not yet implemented; planned for 2.1
	Encryptor.ChooseIVMethod=random
	# If you choose to use a fixed IV, then you must place a fixed IV here that
	# is known to all others who are sharing your secret key. The format should
	# be a hex string that is the same length as the cipher block size for the
	# cipher algorithm that you are using. The following is an example for AES
	# from an AES test vector for AES-128/CBC as described in:
	# NIST Special Publication 800-38A (2001 Edition)
	# "Recommendation for Block Cipher Modes of Operation".
	# (Note that the block size for AES is 16 bytes == 128 bits.)
	#
	Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
No results found