Hi, I am currently looking into projects on github which are parametrically misusing cryptographic APIs for my research and I came across a few instances in your project where I found such misuses. These misuses have been highlighted in research papers such as
In your source code file DesEncrypter.java there is a function "DesEncrypter(String, byte[])" and at line 44:
KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount);
where the iterationCount defined is 17 which is not the recommended value i.e. 1000
In another file AES.java there are two functions encrypt(byte[], string) and decrypt(byte[], string) with following misuses at line 34 and 49:
Cipher cipher = Cipher.getInstance(AES);
First parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}
In another file MD5Util.java there are two functions encrypt(byte[], string) and decrypt(byte[], string) with following misuses at line 50:
MessageDigest md = MessageDigest.getInstance("MD5");
First parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}
I believe fixing these issues would help your product be more secure.