I have an app that communicates over the Internet. I'm using the
libeay32.dll for encryption. As we all know from WEP, using encryption
doesn't mean its secure. Can you take a min. at look at how I've
implemented this and tell me if its secure? Thanks!
The user has a fixed 8 character password (bad, I know, I don't control
that part.) someSalt and theIV are 16 bytes (128 bit). rand_bytes() is
used to init someSalt and theIV.
I use the following code to create a "session" key, and setup the