rspec/rules/S4426/rationale.adoc


Encryption algorithms are essential for protecting sensitive information and
ensuring secure communications in a variety of domains. They are used for
several important reasons:

* Confidentiality, privacy, and intellectual property protection
* Security during transmission or on storage devices
* Data integrity, general trust, and authentication

When selecting encryption algorithms, tools, or combinations, you should also
consider two things:

1. No encryption is unbreakable.
2. The strength of an encryption algorithm is usually measured by the effort required to crack it within a reasonable time frame.

In today's cryptography, the length of the *key* directly affects the security
level of cryptographic algorithms.

Note that depending on the algorithm, the term *key* refers to a different
mathematical property. For example:

* For RSA, the key is the product of two large prime numbers, also called the **modulus**.
* For AES and Elliptic Curve Cryptography (ECC), the key is only a sequence of randomly generated bytes.
** In some cases, AES keys are derived from a master key or a passphrase using a Key Derivation Function (KDF) like PBKDF2 (Password-Based Key Derivation Function 2).

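The following is an added example, not part of the rule text or of SonarSource's own analyzer, showing how the "key size" is measured for each of the three cases above (RSA modulus bit length, AES byte count, ECC curve size) and how a PBKDF2-derived AES key gets its size from the requested output length. The minimum sizes in `MIN_BITS`, the curve table and the sample keys are assumptions constructed for the example; they follow commonly published guidance but are not values stated by the rule.

```python
import hashlib
import secrets

# Assumed minimum key sizes in bits for this example (not stated by the rule).
# 2048-bit RSA, 128-bit AES and 224-bit ECC curves are common published minimums.
MIN_BITS = {"RSA": 2048, "AES": 128, "ECC": 224}

# Constructed lookup of named curves to their key size in bits.
ECC_CURVE_BITS = {
    "secp192r1": 192,
    "secp224r1": 224,
    "secp256r1": 256,
    "secp384r1": 384,
}


def rsa_key_bits(modulus: int) -> int:
    """For RSA the key size is the bit length of the modulus n = p * q."""
    return modulus.bit_length()


def aes_key_bits(key: bytes) -> int:
    """For AES the key is a sequence of bytes; its size is the byte count times 8."""
    return len(key) * 8


def ecc_key_bits(curve_name: str) -> int:
    """For ECC the key size is fixed by the curve the key was generated on."""
    return ECC_CURVE_BITS[curve_name]


def check_key(algorithm: str, size_bits: int):
    """Return a finding string if the key is below the assumed minimum, else None."""
    minimum = MIN_BITS[algorithm]
    if size_bits < minimum:
        return f"{algorithm} key of {size_bits} bits is below the {minimum}-bit minimum"
    return None


def derive_aes_key(passphrase: bytes, salt: bytes, key_bits: int, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 from the standard library: dklen decides the AES key size.

    Asking for 16 bytes yields an AES-128 key, 32 bytes an AES-256 key.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=key_bits // 8)


def audit(keys: list) -> list:
    """Run check_key over (algorithm, size_bits) pairs and collect the findings."""
    findings = []
    for algorithm, size_bits in keys:
        finding = check_key(algorithm, size_bits)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    # Constructed sample material: a 1024-bit "modulus" (not a real RSA key),
    # a random 16-byte AES key and a 32-byte AES key derived from a passphrase.
    weak_modulus = (1 << 1023) + 1
    aes128 = secrets.token_bytes(16)
    aes256 = derive_aes_key(b"example passphrase", secrets.token_bytes(16), 256)

    sample = [
        ("RSA", rsa_key_bits(weak_modulus)),
        ("AES", aes_key_bits(aes128)),
        ("AES", aes_key_bits(aes256)),
        ("ECC", ecc_key_bits("secp192r1")),
        ("ECC", ecc_key_bits("secp256r1")),
    ]
    for finding in audit(sample):
        print(finding)
```

Running the script reports the 1024-bit RSA modulus and the secp192r1 curve as below the assumed minimums; the AES keys pass because 16 and 32 bytes give 128 and 256 bits. The same measurements are what an analyzer applies when it inspects the key-size argument passed to a key generator.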
If an application uses a key that is considered short and *insecure*, the
encrypted data is exposed to attacks aimed at recovering the plaintext.

In general, it is best practice to expect a breach: that a user or organization
with malicious intent will perform cryptographic attacks on this data after
obtaining it by other means.