Use strong cipher algorithms instead of deprecated ones

Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST Rules > Use strong cipher algorithms instead of deprecated ones

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: kotlin-security/avoid-weak-ciphers

Language: Kotlin

Severity: Error

Category: Security

CWE: 327

Description

This rule enforces the use of strong cipher algorithms and discourages the use of deprecated or weak ones in your Kotlin code. Cipher algorithms are crucial for ensuring data security in applications. However, not all ciphers provide the same level of security. Some older ciphers, such as DES, have known vulnerabilities and have been deprecated.

Using weak or deprecated cipher algorithms can expose your application’s data to potential security breaches. By exploiting the vulnerabilities of these weak ciphers, attackers can decrypt sensitive information, leading to data breaches.

To adhere to this rule, always use strong, up-to-date cipher algorithms in your Kotlin code. For example, instead of using Cipher.getInstance("DES"), which uses the deprecated DES algorithm, use Cipher.getInstance("AES/GCM/NoPadding"), which uses the strong AES algorithm with GCM mode and no padding. Regularly update your knowledge on the latest recommended cipher algorithms and avoid those known to be weak or compromised.

Non-Compliant Code Examples

import javax.crypto.Cipher

fun main(args: Array<String>) {
    val insecureDES = Cipher.getInstance("DES")
}

Compliant Code Examples

import javax.crypto.Cipher

fun main(args: Array<String>) {
    val secureAES = Cipher.getInstance("AES/GCM/NoPadding")
}