# INSECURE CIPHER

Feature Value
Type Detection
Risk OWASP A3
Covered by Agent

The application uses an encryption algorithm that doesn't meet today's generally accepted standards. Cryptography is difficult and there are many minor mistakes that can cause a cryptosystem to leak information, or worse. Choosing an encryption algorithm that is known to be unsafe is a very common way to completely undermine security. Frequently, the use of a weak algorithm will allow sensitive data or credentials to be hijacked during transmission or when stored.

## How to solve it

Change the encryption algorithm to one that is currently considered strong, such as AES. Switching encryption algorithms is not tremendously difficult, although it might require significant data migration effort.

For example, consider code that uses the DES cipher, which is considered very weak by today's standards because of its small key size of 56 bits:

final Cipher weakCipher = Cipher.getInstance("DES"); // Unsafe!


The following code uses an AES cipher, which is considered much stronger for many reasons, including a key length of at least 128 bits:

final Cipher strongCipher = Cipher.getInstance("AES/CTR/NoPadding"); // Safer!


Although in the past, ECB (electronic codebook) and CBC (cipher block chaining) modes were popular, they both exhibit weaknesses that can be exploited practically. This is why our snippet utilizes the CTR/NoPadding mode and transformation. CTR (Counter) mode turns AES into a stream cipher, making the encrypted traffic much more difficult to attack. This allows the code to resist Padding Oracle attacks, which have been used to break numerous systems, including Java Server Faces (JSF), ASP.NET/IIS, and Ruby on Rails.

You should also always use integrity checking with HMACs, if possible. HMACs usually involve signing the hash of the encrypted blob with the private part of an asymmetric keypair. Without this protection, the code may also be vulnerable to bit flipping and other attacks that result from not guaranteeing the sender generated the ciphertext. Using an HMAC allows you to safely use CBC mode as well.

There is a common saying in cryptography attributed to the NSA, "Attacks always get better - they never get worse." Make your cryptographic design accordingly!