dromara / mendmix-cloud

Mendmix is positioned as a one-stop open-source solution for distributed development architecture and as a technical foundation for cloud-native architecture. Mendmix provides database, cache, message middleware, distributed scheduled tasks, a security framework, a gateway, and fast integration with the cloud services of mainstream vendors. With Mendmix you can quickly build a high-concurrency, high-availability, microservice-based distributed architecture without having to attend to the technical details.

Home Page:http://www.jeesuite.com/


Cryptographic API misuse detected

anam-dodhy opened this issue · comments

Hi, I am currently looking into projects on github which are parametrically misusing cryptographic APIs for my research and I came across a few instances in your project where I found such misuses. These misuses have been highlighted in research papers such as

In your source code file DES.java there are the following issues in encrypt(String, String):

  • At line 37
AlgorithmParameterSpec paramSpec = new IvParameterSpec(IV_PARAMS_BYTES);

The first parameter should be properly randomized using java.security.SecureRandom API.

  • At line 36
Cipher cipher = Cipher.getInstance(ALGORITHM_DES);

The first parameter (with value "DES/CBC/PKCS5Padding") should be any of {AES, Blowfish, DESede, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256, RSA}

  • Consequently, at line 38
cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);

Since "paramSpec" was not properly prepared due to the absence of randomization, the cipher.init() call here is compromised as well. The same issues were found in the function "decrypt(String, String)".

Next, in your source code file AES.java we found the following misuses:

  • At line 54 and 39
Cipher cipher = Cipher.getInstance("AES");

The first parameter (with value "AES") should be any of AES/{CBC, GCM, PCBC, CTR, CTS, CFB, OFB}

Next, in your source code file SHA1.java we found the following misuses:

  • At line 40
MessageDigest md = MessageDigest.getInstance("SHA-1");

The first parameter (with value "SHA-1") should be any of {SHA-256, SHA-384, SHA-512}

Then, in your source code file DigestUtils.java we found the following misuses:

  • At line 37
MessageDigest md = MessageDigest.getInstance(MD5_NAME);

The first parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}

I believe fixing these issues would help your product be more secure.