Add authentication
Opened this issue · 0 comments
Vinc0682 commented
The messages are currently not authenticated, thus potentially allowing padding oracle attacks or other malicious modifications of the message. To fix this, apply a message authentication code (MAC) like HMAC-SHA256 onto the ciphertext and verify it BEFORE decrypting the message.
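The verify-before-decrypt order proposed above, as an added sketch that is not part of the original issue or the project's code. It assumes a MAC key separate from the encryption key, a 16-byte IV that is covered by the tag along with the ciphertext, and a hypothetical `decrypt` hook standing in for the project's own cipher routine.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class AuthenticationError(Exception):
    """Raised when the MAC does not match; the ciphertext is never decrypted."""


def seal(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: append HMAC-SHA256 over IV || ciphertext."""
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()
    return iv + ciphertext + tag


def open_sealed(mac_key: bytes, blob: bytes, iv_len: int, decrypt):
    """Verify the tag first; call decrypt(iv, ciphertext) only if it matches."""
    if len(blob) < iv_len + TAG_LEN:
        raise AuthenticationError("message too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise AuthenticationError("MAC mismatch")
    return decrypt(body[:iv_len], body[iv_len:])


def demo():
    """Constructed sample data: flip one ciphertext bit and try to open it."""
    mac_key = os.urandom(32)  # assumption: independent of the encryption key
    iv, ciphertext = os.urandom(16), os.urandom(32)  # stand-in cipher output
    calls = []

    def decrypt(iv_, ct):  # hypothetical hook for the project's decrypt routine
        calls.append(ct)
        return b"plaintext"

    blob = seal(mac_key, iv, ciphertext)
    ok = open_sealed(mac_key, blob, 16, decrypt)
    tampered = bytearray(blob)
    tampered[20] ^= 0x01  # modify one ciphertext byte in transit
    try:
        open_sealed(mac_key, bytes(tampered), 16, decrypt)
        rejected = False
    except AuthenticationError:
        rejected = True
    return ok, rejected, len(calls)
```

`demo()` shows the decrypt hook running once for the intact message and not at all for the modified one, so padding errors from the cipher are never reachable with unauthenticated input.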