I'm a pentester and currently analysing a web application which are using some strange encryption scheme. The point is: They encrypt using AES-128, generate a (not cryptographic secure) key and us...