ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4432/java/rule.adoc

25 lines
1.0 KiB
Plaintext
Raw Normal View History

Add rules 4000-4999
2020-06-30 12:49:37 +02:00
The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 4000-4999
2020-06-30 12:49:37 +02:00
* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks.
In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.
Force linebreaks
2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim
2021-01-27 13:42:22 +01:00
This rule raises an issue when a ``++Cipher++`` instance is created with either ECB or CBC/PKCS5Padding mode.
Add rules 4000-4999
2020-06-30 12:49:37 +02:00
== Noncompliant Code Example
----
Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant
Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant
----
== Compliant Solution
----
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
----
include::../see.adoc[]
Reference in New Issue Copy Permalink