Metadata

ID: java-security/crypto-algorithm

Language: Java

Severity: Warning

Category: Security

CWE: 327

Related CWEs:

• 328
• 916
• 1240

Description

This rule ensures that data encryption in your application is robust and secure against potential cyber threats. The rule discourages the use of deprecated and weak cryptographic algorithms such as DES (Data Encryption Standard) or DESede, which are known to be vulnerable to various types of attacks.

Using weak or deprecated encryption algorithms can lead to serious security breaches, including unauthorized access to sensitive data. Strong cryptography is essential in today’s digital world where data breaches are becoming increasingly common and sophisticated.

How to remediate

Always use strong and up-to-date cryptographic algorithms in your Java code. For instance, instead of ‘DES’, use stronger algorithms like ‘AES’ (Advanced Encryption Standard) with a key size of at least 128 bits. So, instead of javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding") or Cipher.getInstance("DES"), you should use something like Cipher.getInstance("AES/CBC/PKCS5Padding") or Cipher.getInstance("AES"). Regularly updating your knowledge about the latest cryptographic standards can also help in maintaining the security of your application.

Non-Compliant Code Examples

class Foo {
    public void bar () {
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding");


        Cipher.getInstance("DES");
    }
}

Compliant Code Examples

class Foo {
    public void bar() throws Exception {
        // Safe: using strong AES encryption instead of weak DES
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        Cipher.getInstance("AES");
    }
}

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security