Comment 4 for bug 1606419

<disclaimer>I'm no expert on security, I don't play one on TV.</disclaimer>

But, I agree with Robert's first statement; that "CBC is intended as a stream cipher" isn't exactly my understanding.

Still, the reporter claims "AES CBC is intended as a stream cipher rather than encryption and decryption of static data, this could potentially lead to more complex crypto issues".

If there are in fact more complex crypto issues, I don't want to lose sight of them in the focus on the first part of the sentence. So, let's accept as stipulated that Trove is using AES CBC in some manner that is inappropriate; what are these more complex crypto issues that you speak of?