include::../description.adoc[]

== Noncompliant Code Example

----
Blob cryptoKey = Crypto.generateAesKey(256);
Blob hardcoded_iv = Blob.valueOf('hardcoded IV');
Blob data = Blob.valueOf('some secret data');
Blob encryptedData = Crypto.encrypt('AES256', hardcoded_iv, key, data);  // Noncompliant, the IV is hardcoded
----

== Compliant Solution

----
Blob cryptoKey = Crypto.generateAesKey(256);
Blob data = Blob.valueOf('some secret data');
Blob encryptedData = Crypto.encryptWithManagedIV('AES256', key, data);
----

== See

* http://cwe.mitre.org/data/definitions/330[MITRE, CWE-330] - Use of Insufficiently Random Values
* OWASP Top 10 2017 Category A6 - Security Misconfiguration
* https://developer.salesforce.com/page/Apex_Crypto_Class[Using the Apex Crypto Class]