Added some more comments to try to clarify things a bit.

kevin.w.wall · kevin.w.wall · commit 45bc57fb8b9b · 2009-08-30T04:21:42.000Z
diff --git a/src/main/resources/.esapi/ESAPI.properties b/src/main/resources/.esapi/ESAPI.properties
@@ -145,17 +145,17 @@ Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
 # where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
 # that requires downloading the special jurisdiction policy files mentioned above.)
 #
-
+#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
 Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
 Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
 
 # AES is the most widely used and strongest encryption algorithm. This
 # should agree with your Encryptor.CipherTransformation property.
 # By default, ESAPI Java 1.4 uses "AES/ECB/NoPadding", and 2.0 uses
 # "AES/CBC/PKCSPadding". If you want to change these, change them here.
-#		For ESAPI Java 1.4
+#		For ESAPI Java 1.4 - Deprecated encrypt / decrypt methods use this.
 Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
 Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
 
 # 128-bit is almost always sufficient and appears to be more resistant to
@@ -189,7 +189,7 @@ Encryptor.ChooseIVMethod=random
 # NIST Special Publication 800-38A (2001 Edition)
 # "Recommendation for Block Cipher Modes of Operation".
 #
-#Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message integrity code (MIC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
