2020-06-30 14:41:58 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
|
|
|
|
|
|
----
|
2021-04-26 17:29:13 +02:00
|
|
|
val c1 = Cipher.getInstance("AES") // Noncompliant: by default ECB mode is chosen
|
|
|
|
|
val c2 = Cipher.getInstance("AES/ECB/NoPadding") // Noncompliant: ECB doesn't provide serious message confidentiality
|
|
|
|
|
|
|
|
|
|
val c3 = Cipher.getInstance("RSA/NONE/NoPadding") // Noncompliant: RSA without OAEP padding scheme is not recommanded
|
2020-06-30 14:41:58 +02:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// Recommended for block ciphers
|
2021-04-26 17:29:13 +02:00
|
|
|
val c1 = Cipher.getInstance("AES/GCM/NoPadding"); // Compliant
|
2020-06-30 14:41:58 +02:00
|
|
|
|
|
|
|
|
// Recommended for RSA
|
2021-04-26 17:29:13 +02:00
|
|
|
val c2= Cipher.getInstance("RSA/None/OAEPWithSHA-1AndMGF1Padding") // Compliant
|
|
|
|
|
val c3 = Cipher.getInstance("RSA/None/OAEPWITHSHA-256ANDMGF1PADDING") // Compliant
|
2020-06-30 14:41:58 +02:00
|
|
|
----
|
|
|
|
|
|
2021-04-26 17:29:13 +02:00
|
|
|
== See
|
|
|
|
|
|
|
|
|
|
* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
|
|
|
|
|
* https://cwe.mitre.org/data/definitions/327.html[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
|
|
|
|
|
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
|
|
|
|
|
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
|
2021-06-02 20:44:38 +02:00
|
|
|
|
2021-06-03 09:05:38 +02:00
|
|
|
ifdef::env-github,rspecator-view[]
|
2021-06-08 15:52:13 +02:00
|
|
|
'''
|
2021-06-02 20:44:38 +02:00
|
|
|
== Comments And Links
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::../comments-and-links.adoc[]
|
2021-06-03 09:05:38 +02:00
|
|
|
endif::env-github,rspecator-view[]
|
