Weak encryption library usage detected

Rule ID: java_lang_weak_encryption
Languages: java
Source: weak_encryption.yml

Description

Sensitive data should be encrypted with strong encryption algorithms like aes-256-cbc

Remediations

According to OWASP: MD5, RC4, DES, Blowfish, SHA1. 1024-bit RSA or DSA, 160-bit ECDSA (elliptic curves), 80/112-bit 2TDEA (two key triple DES) are considered as weak hash/encryption algorithms and therefore shouldn't be used.

✅ Use stronger encryption algorithms when storing data.

  MessageDigest md = MessageDigest.getInstance("SHA-256");

Resources

Java MessageDigest class

Associated CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10

A02:2021 - Cryptographic Failures

Ready to take the next step? Join the Bearer Cloud waitlist.