...
```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// "AES" with no mode or padding uses the provider's defaults
// (AES/ECB/PKCS5Padding with the default SunJCE provider)
Cipher cipher = Cipher.getInstance("AES");
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128); // 192 and 256 bits may be unavailable
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
// Encode bytes as UTF8; strToBeEncrypted contains the input string
// that is to be encrypted
byte[] encoded = strToBeEncrypted.getBytes("UTF8");
// Perform encryption
byte[] encrypted = cipher.doFinal(encoded);
```
...
Applicability
Use of mathematically and computationally insecure cryptographic algorithms can result in the disclosure of sensitive information.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC65-JG | medium | probable | medium | P8 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...
Weak cryptographic algorithms can be disabled in Java SE 7; see the Java PKI Programmer's Guide, Appendix D: Disabling Cryptographic Algorithms.
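To check what a given JRE actually disables, the following added example (not part of the original guideline) reads the `jdk.certpath.disabledAlgorithms` and `jdk.tls.disabledAlgorithms` security properties and reports whether some weak algorithms are listed. The class name, the helper methods and the sample algorithm list are assumptions made for illustration, and the name matching is deliberately simpler than the JDK's own.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class DisabledAlgorithmAudit {
    // Security properties set in the JRE's java.security file.
    static final String[] PROPERTIES = {
        "jdk.certpath.disabledAlgorithms", // certification path validation
        "jdk.tls.disabledAlgorithms"       // TLS (JSSE) negotiation
    };

    // Split a value such as "MD2, RSA keySize < 1024" into trimmed entries.
    static List<String> parseEntries(String value) {
        List<String> entries = new ArrayList<>();
        if (value == null) {
            return entries; // property not set on this JRE
        }
        for (String part : value.split(",")) {
            String entry = part.trim();
            if (!entry.isEmpty()) {
                entries.add(entry);
            }
        }
        return entries;
    }

    // Simplified lookup: compares only the algorithm name that starts an entry.
    // Returns the full entry (including any constraint) or null if not listed.
    static String findEntry(List<String> entries, String algorithm) {
        for (String entry : entries) {
            if (entry.split("\\s+")[0].equalsIgnoreCase(algorithm)) {
                return entry;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        String[] weak = {"MD2", "MD5", "DES", "RC4"}; // constructed sample list
        for (String property : PROPERTIES) {
            List<String> entries = parseEntries(Security.getProperty(property));
            System.out.println(property + " = " + entries);
            for (String algorithm : weak) {
                String hit = findEntry(entries, algorithm);
                System.out.println("  " + algorithm + ": "
                        + (hit != null ? "listed as \"" + hit + "\"" : "not listed"));
            }
        }
    }
}
```

These properties restrict certification path validation and TLS negotiation only. They do not prevent application code from requesting a weak algorithm through `Cipher.getInstance`, so code still has to be reviewed against this guideline.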
Related Guidelines
| MITRE 2009 | CWE ID 327 "Use of a Broken or Risky Cryptographic Algorithm" |
...