Details

    • Message:
      Use a strong cipher algorithm
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      ABAP, APEX, C, C++, Cobol, CSS, Flex, Go, HTML, JavaScript, Kotlin, Objective-C, PHP, PL/I, PL/SQL, RPG, Ruby, Rust, Scala, Solidity, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Covered Languages:
      C#, Java, PHP, Python
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • CERT:
      MSC61-J.
    • CWE:
      CWE-327, CWE-326
    • OWASP:
      A3, A6
    • SANS Top 25:
      Porous Defenses
    • FindSecBugs:
      DES_USAGE, TDES_USAGE, CIPHER_INTEGRITY, NULL_CIPHER
    • FxCop:
      CA5351, CA5350

      Description

      Strong cipher algorithms are cryptographic systems resistant to cryptanalysis; they are not vulnerable to well-known attacks such as brute-force attacks.

      A general recommendation is to use only cipher algorithms that have been intensively tested and are promoted by the cryptographic community.

      For block ciphers specifically, using an algorithm with a block size smaller than 128 bits is not recommended.
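
As an added example (not part of the rule specification and not SonarSource's implementation), here is a minimal syntactic check in Python that applies the 128-bit block-size threshold to Java-style `Cipher.getInstance("ALG/MODE/PADDING")` calls. The block-size table, the function names and the sample Java lines are assumptions constructed for this illustration.

```python
import re

# Block sizes in bits, taken from the published parameters of each cipher.
# The table is illustrative, not exhaustive (assumption of this example).
BLOCK_SIZE_BITS = {
    "AES": 128, "CAMELLIA": 128, "TWOFISH": 128,
    "DES": 64, "DESEDE": 64, "TRIPLEDES": 64,
    "BLOWFISH": 64, "RC2": 64, "IDEA": 64,
}
MIN_BLOCK_BITS = 128  # threshold stated in the rule description

# Purely syntactic: only matches calls whose argument is a string literal.
GET_INSTANCE = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')


def classify(transformation):
    """Return (algorithm, verdict) for e.g. 'DES/CBC/PKCS5Padding'."""
    algorithm = transformation.split("/", 1)[0].strip().upper()
    bits = BLOCK_SIZE_BITS.get(algorithm)
    if bits is None:
        return algorithm, "unknown"  # not in the table: needs manual review
    return algorithm, "weak" if bits < MIN_BLOCK_BITS else "ok"


def scan(source):
    """Return (line number, transformation, verdict) for every non-ok call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in GET_INSTANCE.finditer(line):
            _, verdict = classify(match.group(1))
            if verdict != "ok":
                findings.append((lineno, match.group(1), verdict))
    return findings


# Constructed sample input (hypothetical Java source lines).
SAMPLE = "\n".join([
    'Cipher a = Cipher.getInstance("DES/CBC/PKCS5Padding");',
    'Cipher b = Cipher.getInstance("AES/GCM/NoPadding");',
    'Cipher c = Cipher.getInstance("DESede/ECB/PKCS5Padding");',
    'Cipher d = Cipher.getInstance("Blowfish");',
    'Cipher e = Cipher.getInstance("Foo/CBC/NoPadding");',
])

if __name__ == "__main__":
    for lineno, transformation, verdict in scan(SAMPLE):
        print(f"line {lineno}: {transformation} -> {verdict}")
```

Because the match is syntactic, an algorithm name built at runtime or read from configuration is not seen by this check.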

      See

          Issue Links

          1. Python RSPEC-5552 Language-Specification Active Unassigned
          2. Swift RSPEC-5554 Language-Specification Active Unassigned
          3. PL/SQL RSPEC-5556 Language-Specification Active Unassigned
          4. C-Family RSPEC-5557 Language-Specification Active Unassigned
          5. C# RSPEC-5559 Language-Specification Active Unassigned
          6. PHP RSPEC-5560 Language-Specification Active Unassigned
          7. Java RSPEC-5561 Language-Specification Active Unassigned
          8. Kotlin RSPEC-5562 Language-Specification Active Unassigned
          9. JavaScript RSPEC-5671 Language-Specification Active Unassigned

              People

              • Assignee:
                Unassigned
                Reporter:
                eric.therond Eric Therond