It doesn't seem intuitive to me that Aes is a stateless object. You can create an instance of it with a BlockMode, which seems to imply to me that several encrypt/decrypt of the same data would produce different results each time.

If Aes is going to remain stateless, it would be nice to be explicity about this in the docs.

Documentation is awful.

For instance, sign says it returns a string, but if it fails, it clearly returns false. No where in the documentation that I can find does it tell me to check for false, and thus, I'm left wondering if that's the only thing that indicates failure especially when it returns calls to two different other functions.

Preface: I am not an expert in encryption, so sorry for any inaccuracies with how I am describing the issue here.

In the documentation, it states:

// Note: CBC and ECB modes use PKCS#7 padding as default

Is it possible to configure what padding is used? I am working with a system where they are not expecting padding. Is that something that even makes sense/is possible?

Is your feature request related to a problem? Please describe.

The public key-based request signing functionality added to sso_proxy in buzzfeed/sso#106 is undocumented. In particular, it's not immediately obvious how to a) generate an appropriate keypair or b) validate a signed request in an upstream service.

Describe the solution you'd like

New documenta

At the third paragraph on the section Preface, there is a typo on the acronym.

From this book you will learn how to use cryptographic algorithms and cryptosystems like hashes, MAC codes and key derivation functions (KFD)

Here, KFD should be KDF.

Would love to have TypeScript type definitions so aes-js could be used in a strongly typed way in a TypeScript project. Thanks!

sysPass Version
3.1

Describe the bug
If a password preset is configured based on e.g. user-profile and you create a new account, the password generator in the account creation view doesn't respect these values.
If you click on generate password, password is generated. If you then choose save an error message appears with the error that the password is too short.

To Reproduce

I was confused from the brief documentation spec what is the difference between DH and Elliptic Curve code. I though these are two ways to do the same thing. It is only when I tried to get the x coordinate of the public key generated by generateKey() that I realized that this is not Elliptic Curve DH.

It looks like performance regressed rather severely in a commit reverted here:

miscreant/meta#87

It would be nice to detect such regressions automatically and prevent them in the future

I believe that it is somewhat irresponsible to not mention Message Authentication. Otherwise, users will copy the insecure code in the README without realizing e.g. CBC without a MAC is trivially broken.