Description
We are security researchers at Digit Institute in Germany. In reviewing [mica-core/src/main/java/net/dreamlu/mica/core/utils/AesUtil.java], we found several security issues:
1. IV Handling in CBC Mode
Current (Vulnerable) Code (line 157):

```java
IvParameterSpec iv = new IvParameterSpec(Arrays.copyOfRange(aesKey, 0, 16)); // BAD: IV derived from key
cipher.init(mode, keySpec, iv);
```
Problem:
The IV must be random and unique for each encryption. Using a key-derived IV enables CBC-specific attacks (e.g., CVE-2015-2808, padding oracle).
Recommendation:
Generate a random IV per encryption, and prepend/store with ciphertext:

```java
SecureRandom random = new SecureRandom();
byte[] ivBytes = new byte[16];
random.nextBytes(ivBytes);
IvParameterSpec iv = new IvParameterSpec(ivBytes);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);
// prepend ivBytes to ciphertext
```
2. Weak Key Derivation
Current (Insecure) Code:

```java
final byte[] finalKey = new byte[16];
int i = 0;
for (byte b : key) { finalKey[i++ % 16] ^= b; } // Weak "folding" derivation
```
Problem:
Not a secure key derivation function. Vulnerable to brute-force attacks.
3. ECB Mode Usage
Current Code:

```java
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // ECB leaks patterns
```
Problem:
ECB does not conceal plaintext structure and is insecure for almost all data.
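The three findings above (key-derived IV, XOR-folding key derivation, ECB mode) can be addressed together. The following class is an added, self-contained example written for this page; it is not mica's `AesUtil` and not code from the reporters. It assumes a password-based use case, so it derives the key with PBKDF2-HMAC-SHA256 (iteration count 600000 is an assumed parameter), draws a fresh random IV per encryption, and stores `salt || iv || ciphertext` so decryption can recover both. The `repeatedBlocks` helper shows why ECB is flagged: encrypting a plaintext made of repeated 16-byte blocks under ECB yields duplicate ciphertext blocks, while the CBC output from `encrypt` does not. The all-zero ECB key and the sample message are constructed demo values.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Illustrative hardened AES-CBC helper (example code, not mica's AesUtil). */
public final class AesCbcExample {
    private static final int SALT_LEN = 16;
    private static final int IV_LEN = 16;
    private static final int PBKDF2_ITERATIONS = 600_000; // assumption: chosen for this example
    private static final SecureRandom RNG = new SecureRandom();

    /** Proper KDF instead of XOR folding: PBKDF2-HMAC-SHA256 with a random salt. */
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 128);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(keyBytes, "AES");
    }

    /** Output layout: salt(16) || iv(16) || ciphertext. The IV is random per call. */
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[SALT_LEN + IV_LEN + ct.length];
        System.arraycopy(salt, 0, out, 0, SALT_LEN);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        return out;
    }

    /** Reads the salt and IV back from the blob, so nothing is derived from the key. */
    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        if (blob.length < SALT_LEN + IV_LEN) {
            throw new IllegalArgumentException("truncated input");
        }
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        return cipher.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    /** Counts 16-byte ciphertext blocks that repeat an earlier block (the ECB tell-tale). */
    static int repeatedBlocks(byte[] ct) {
        Set<String> seen = new HashSet<>();
        int duplicates = 0;
        for (int i = 0; i + 16 <= ct.length; i += 16) {
            String block = Base64.getEncoder().encodeToString(Arrays.copyOfRange(ct, i, i + 16));
            if (!seen.add(block)) {
                duplicates++;
            }
        }
        return duplicates;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery".toCharArray(); // constructed demo secret
        // Constructed message: the same 16-byte block repeated four times.
        byte[] msg = "ATTACK AT DAWN!!".repeat(4).getBytes(StandardCharsets.UTF_8);

        byte[] blob1 = encrypt(password, msg);
        byte[] blob2 = encrypt(password, msg);
        System.out.println("round trip ok:        " + Arrays.equals(msg, decrypt(password, blob1)));
        System.out.println("fresh IV each call:   " + !Arrays.equals(blob1, blob2));

        // ECB with a constructed all-zero demo key: identical plaintext blocks collide.
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "AES"));
        System.out.println("ECB repeated blocks:  " + repeatedBlocks(ecb.doFinal(msg)));
        byte[] cbcOnly = Arrays.copyOfRange(blob1, SALT_LEN + IV_LEN, blob1.length);
        System.out.println("CBC repeated blocks:  " + repeatedBlocks(cbcOnly));
    }
}
```

Design note: CBC with PKCS5 padding still has no integrity protection, so a decryption path that reports padding errors differently from other failures can be a padding oracle even with a random IV. If the call sites allow it, an AEAD mode such as `AES/GCM/NoPadding` with a 12-byte random nonce and the same `salt || nonce || ciphertext` layout removes that class of problem; the KDF and per-message randomness shown here carry over unchanged.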