Weak Encryption Algorithm

ID

java.weak_encryption_algorithm

Severity

critical

Resource

Cryptography

Language

Java

Tags

CWE:327, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto

Description

Weak encryption algorithm vulnerabilities occur when outdated or insufficiently secure cryptographic algorithms are used, potentially leading to data compromise.

Encryption algorithms like DES, Triple-DES and RC2 are nowadays too weak for cryptographic usage, in particular for ensuring information confidentiality.

Rationale

Encryption algorithms are crucial for ensuring the confidentiality of sensitive data during transmission and storage. However, some algorithms that were secure in the past are now considered vulnerable due to advances in computational power and cryptanalysis techniques.

Two examples are:

  • Triple-DES, now considered a modest improvement over the obsolete and broken DES. It is slower and shorter in key length compared to more secure algorithms.

  • IDEA (International Data Encryption Algorithm). While stronger than DES, IDEA has limited key length and is not as widely supported or vetted as AES for modern use cases.

Instead, more modern algorithms like AES should be used, with key length chosen according to the sensitivity of the date or the time in the future that the data needs to be protected.

Other considerations, such as the use of an appropriate cipher mode and, above all, proper key management, should also be taken into account when using encryption libraries.

Example of insecure encryption usage:

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class WeakEncryptionExample {
    public byte[] encryptData(String data) throws Exception {
        // Weak encryption algorithm: DESEDE (Triple DES)
        KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
        SecretKey secretKey = keyGen.generateKey();
        Cipher cipher = Cipher.getInstance("DESede");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        return cipher.doFinal(data.getBytes());
    }
}

In this example, DES-EDE is used to encrypt data. Despite being stronger than DES, it is considered vulnerable in the context of modern security standards.

Remediation

To enhance the security of your symmetric encryption practices in applications, adhere to the following recommendations:

1. Use AES: Adopt AES (Advanced Encryption Standard) as it offers strong encryption capabilities with flexible key lengths (128, 192, or 256 bits) and is widely accepted as a robust standard for secure encryption. Only go to other algorithms if necessary. Albeit there are other symmetric ciphers that could be used for special applications, AES is in general the best choice. Alternatives considered robust are ChaCha20-Poly1305, TwoFish, Serpent, or even ASCON for resource-constrained devices.

2. Proper Key Lengths and Modes: For AES, use key lengths of at least 128-bits, and prefer modes like GCM (Galois/Counter Mode) or at least CBC (Cipher Block Chaining) with adequate padding and initialization vectors to enhance security.

3. Up-to-date Libraries: Utilize well-maintained libraries to implement encryption, ensuring your code benefits from the latest security updates and best practices.

4. Regular Security Reviews: Continuously assess and update encryption practices to adapt to new cryptographic research and potential vulnerabilities in existing standards.

Secure implementation using AES:

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SecureEncryptionExample {
    public byte[] encryptData(String data) throws Exception {
        // Secure encryption algorithm: AES
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128); // Use 128, 192, or 256 bits based on security requirement
        SecretKey secretKey = keyGen.generateKey();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        return cipher.doFinal(data.getBytes());
    }
}

By transitioning to AES with the GCM mode, this example leverages modern cryptographic practices to ensure strong data encryption, protecting against emerging threats and vulnerabilities.

Configuration

The detector has the following configurable parameters:

  • allowedAlgorithms, that indicates the algorithms that are allowed to be used.

  • forbiddenAlgorithms, that indicates the algorithms that are considered weak and that should not be used.

References