Avoid DES

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: swift-security/avoid-des

Language: Unknown

Severity: Info

Category: Best Practices

Description

This rule discourages the use of the DES (Data Encryption Standard) algorithm for cryptographic operations. DES is considered insecure due to its short key length and vulnerability to brute-force attacks, making it unsuitable for protecting sensitive data.

To comply with this rule, developers should avoid specifying “des” as the cryptographic algorithm in their code. Instead, use more secure alternatives such as AES (Advanced Encryption Standard), which provides stronger encryption and is widely supported.

Non-Compliant Code Examples

let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "3des"

let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "des"

let cryptor = try Cryptor(operation: .encrypt, algorithm: .des, options: .none, key: key, iv: [])

Compliant Code Examples

let cryptor = try Cryptor(operation: .encrypt, algorithm: .aes, options: .none, key: key, iv: [])

let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "aes"
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security