Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Posted by gremlin on Dec 27

> res = apr_crypto_passphrase(&key, &ivSize, passphrase,
> strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t),
> *cipher, APR_MODE_CBC, 1, 4096, f, r->pool);

CBC. Again.

The earliest mention of CFB that I know of is dated 1989.
The earliest mention of CTR that I know of is dated to the 1990s.

But there still are people who use CBC…

Please, PLEASE, PPLEEEEAASSSE don’t use it. Instead, use either…
