25 lines
1.1 KiB
Plaintext
25 lines
1.1 KiB
Plaintext
Encryption algorithms can be used with various modes. Some combinations are not secured:
|
|
|
|
|
|
* Electronic Codebook (ECB) mode: Under a given key, any given plaintext block always gets encrypted to the same ciphertext block. Thus, it does not hide data patterns well. In some senses, it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
|
|
* Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is susceptible to padding oracle attacks. CBC + PKCS#7 can be used if combined with an authenticity check (HMAC-SHA256 for example) on the cipher text.
|
|
|
|
In both cases, Galois/Counter Mode (GCM) with no padding should be preferred. As the .NET framework doesn't provide this natively, the use of a certified third party lib is recommended.
|
|
|
|
|
|
This rule raises an issue when any of the following CipherMode is detected: ECB, CBC, OFB, CFB, CTS.
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
AesManaged aes = new AesManaged
|
|
{
|
|
KeySize = 128,
|
|
BlockSize = 128,
|
|
Mode = CipherMode.OFB, // Noncompliant
|
|
Padding = PaddingMode.PKCS7
|
|
};
|
|
----
|
|
|
|
include::../see.adoc[]
|