ID: java-security/no-des-cipher
Language: Java
Severity: Warning
Category: Security
CWE: 326
Description
DES is no longer considered a strong cipher for modern applications. NIST recommends using AES block ciphers instead of DES.
Non-Compliant Code Examples
class MyClass {
    public void test1() {
        // Flagged: DES transformation
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] cipherText = c.doFinal(plainText);
    }

    public void test2() {
        // Flagged: DESede (Triple DES) transformation
        Cipher c = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] cipherText = c.doFinal(plainText);
    }

    public void test3() {
        // Flagged: DES requested through the fully qualified class name
        javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("DES/ECB/PKCS5Padding");
        // Prepare the cipher to encrypt
        javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey();
        java.security.spec.AlgorithmParameterSpec paramSpec =
            new javax.crypto.spec.IvParameterSpec(iv);
        c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec);
    }
}
Compliant Code Examples
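class MyClass {
    public void test() {
        // Not flagged: AES in GCM mode
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        // For GCM, iv is a GCMParameterSpec (tag length plus a nonce never reused with the same key)
        c.init(Cipher.ENCRYPT_MODE, k, iv);
        byte[] cipherText = c.doFinal(plainText);
    }
}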