include::../description.adoc[]

== Noncompliant Code Example

----
val c1 = Cipher.getInstance("AES") // Noncompliant: by default ECB mode is chosen
val c2 = Cipher.getInstance("AES/ECB/NoPadding") // Noncompliant: ECB doesn't provide serious message confidentiality

val c3 = Cipher.getInstance("RSA/NONE/NoPadding") // Noncompliant: RSA without OAEP padding scheme is not recommanded
----

== Compliant Solution

----
// Recommended for block ciphers
val c1 = Cipher.getInstance("AES/GCM/NoPadding"); // Compliant

// Recommended for RSA
val c2= Cipher.getInstance("RSA/None/OAEPWithSHA-1AndMGF1Padding") // Compliant
val c3 = Cipher.getInstance("RSA/None/OAEPWITHSHA-256ANDMGF1PADDING") // Compliant
----

== See

* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327.html[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses

ifdef::rspecator-view[]
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::rspecator-view[]