rspec/rules/S4426/rationale.adoc
Loris S e09d505103
Modify S4426: Learn-As-You-Code Migration (#2166)
## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
2023-06-20 12:08:25 +02:00

Encryption algorithms are essential for protecting sensitive information and
ensuring secure communications in a variety of domains. They are used for
several important reasons:

* Confidentiality, privacy, and intellectual property protection
* Security during transmission or on storage devices
* Data integrity, general trust, and authentication

When selecting encryption algorithms, tools, or combinations, you should also
consider two things:

1. No encryption is unbreakable.
2. The strength of an encryption algorithm is usually measured by the effort required to crack it within a reasonable time frame.

In today's cryptography, the length of the *key* directly affects the security
level of cryptographic algorithms.

Note that depending on the algorithm, the term *key* refers to a different
mathematical property. For example:

* For RSA, the key size is the bit length of the **modulus**, the product of two large prime numbers.
* For AES and Elliptic Curve Cryptography (ECC), the key is only a sequence of randomly generated bytes.
** In some cases, AES keys are derived from a master key or a passphrase using a Key Derivation Function (KDF) like PBKDF2 (Password-Based Key Derivation Function 2).

If an application uses a key that is considered short and *insecure*, the
encrypted data is exposed to attacks aimed at getting at the plaintext.

In general, it is best practice to expect a breach: that a user or organization
with malicious intent will perform cryptographic attacks on this data after
obtaining it by other means.
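The following Python is an added illustration of the two points above (what "key size" means for RSA versus AES, and deriving an AES key from a passphrase with PBKDF2); it is not part of the rule description or of any SonarSource code. It uses only the standard library, and the `MIN_KEY_BITS` thresholds, the function names and the sample primes and passphrase are assumptions made for this example, not values taken from the rule.

```python
import hashlib
import secrets

# Minimum key sizes in bits that this example treats as robust. These are
# assumptions for illustration, not thresholds stated by the rule.
MIN_KEY_BITS = {"RSA": 2048, "AES": 128, "EC": 224}


def rsa_modulus_bits(p: int, q: int) -> int:
    """Return the bit length of the RSA modulus n = p * q.

    For RSA, "key size" refers to this value: a 2048-bit RSA key is a
    modulus whose binary representation is 2048 bits long.
    """
    return (p * q).bit_length()


def is_key_robust(algorithm: str, key_bits: int) -> bool:
    """Classify a key length against the example thresholds above."""
    return key_bits >= MIN_KEY_BITS[algorithm]


def random_aes_key(key_bits: int = 256) -> bytes:
    """An AES key is just cryptographically random bytes of the right length."""
    if key_bits not in (128, 192, 256):
        raise ValueError("AES keys must be 128, 192 or 256 bits")
    return secrets.token_bytes(key_bits // 8)


def derive_aes_key(passphrase: str, salt: bytes, key_bits: int = 256,
                   iterations: int = 600_000) -> bytes:
    """Derive an AES key from a passphrase with PBKDF2-HMAC-SHA256.

    The derived length is pinned to a valid AES size so a caller cannot
    accidentally request a short (insecure) key via a small dklen.
    """
    if key_bits not in (128, 192, 256):
        raise ValueError("AES keys must be 128, 192 or 256 bits")
    if len(salt) < 16:
        raise ValueError("use at least a 16-byte random salt")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


if __name__ == "__main__":
    # Constructed sample values: textbook-sized primes, so the modulus is tiny.
    n_bits = rsa_modulus_bits(61, 53)
    print(f"RSA modulus from p=61, q=53 is {n_bits} bits, robust: "
          f"{is_key_robust('RSA', n_bits)}")

    key = random_aes_key(256)
    print(f"random AES key: {len(key) * 8} bits, robust: "
          f"{is_key_robust('AES', len(key) * 8)}")

    salt = secrets.token_bytes(16)
    derived = derive_aes_key("correct horse battery staple", salt)
    print(f"PBKDF2-derived AES key: {len(derived) * 8} bits")
```

The RSA helper uses deliberately small primes so the modulus size is obvious; a real RSA key pair would be generated by a library, and the only property a reviewer needs from it for this rule is the modulus bit length. `derive_aes_key` refuses any length that is not a valid AES key size, which is the check that keeps a passphrase-based setup from silently producing a short key.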