42 lines
1.5 KiB
Plaintext
42 lines
1.5 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, these old cryptographic algorithms should no longer be used for any reason:
|
|
|
|
----
|
|
Dim TripleDES1 As new TripleDESCryptoServiceProvider() ' Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
|
|
|
|
Dim SimpleDES As New DESCryptoServiceProvider() ' Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
|
|
|
|
Dim RC2 As new RC2CryptoServiceProvider() ' Noncompliant: RC2 is vulnerable to a related-key attack
|
|
----
|
|
For Bouncycastle library, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339[AESFastEngine has a side channel leak], it is possible to gain information about the key used to initialize the cipher:
|
|
|
|
----
|
|
Dim AesFast As new AesFastEngine() ' Noncompliant
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography?view=netcore-3.1[System.Security.Cryptography] library, it's recommended to use ``++AesCryptoServiceProvider++``:
|
|
|
|
----
|
|
Dim AES As new AesCryptoServiceProvider() ' Compliant
|
|
----
|
|
For Bouncycastle library, it's recommended to use ``++AESEngine++``:
|
|
|
|
----
|
|
Dim AES As new AESEngine() ' Compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|