Thank you all for your comments and for pointing out the bugs. Hopefully, the coming versions will be more secure.
This was a good learning exercise.
Contributions are most welcome (Especially on authentication issue, the rand issue and IV issue seems to be fixable).