Do not use weak crypto algorithm

문서 > Datadog 보안 > Code Security > Static Code Analysis (SAST) > SAST 규칙 > Do not use weak crypto algorithm

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: java-security/crypto-algorithm

Language: Java

Severity: Warning

Category: Security

CWE: 327

Related CWEs:

Description

This rule ensures that data encryption in your application is robust and secure against potential cyber threats. The rule discourages the use of deprecated and weak cryptographic algorithms such as DES (Data Encryption Standard) or DESede, which are known to be vulnerable to various types of attacks.

Using weak or deprecated encryption algorithms can lead to serious security breaches, including unauthorized access to sensitive data. Strong cryptography is essential in today’s digital world where data breaches are becoming increasingly common and sophisticated.

How to remediate

Always use strong and up-to-date cryptographic algorithms in your Java code. For instance, instead of ‘DES’, use stronger algorithms like ‘AES’ (Advanced Encryption Standard) with a key size of at least 128 bits. So, instead of javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding") or Cipher.getInstance("DES"), you should use something like Cipher.getInstance("AES/CBC/PKCS5Padding") or Cipher.getInstance("AES"). Regularly updating your knowledge about the latest cryptographic standards can also help in maintaining the security of your application.

Non-Compliant Code Examples

class Foo {
    public void bar () {
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding");


        Cipher.getInstance("DES");
    }
}

Compliant Code Examples

class Foo {
    public void bar() throws Exception {
        // Safe: using strong AES encryption instead of weak DES
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        Cipher.getInstance("AES");
    }
}