Data Protection - Cryptography: Avoid cryptographic weakness: Use sufficiently long key sizes: keyGenerator bad value :: Recipe Details

Recipe Name:

Data Protection - Cryptography: Avoid cryptographic weakness: Use sufficiently long key sizes: keyGenerator bad value

Description:

Could lead to brute forcing or other cryptographic weakness

Level:

error

Language:

java

Tags:

security
basic protection set

Documentation

Secure coding practices prescribe to use sufficiently large cryptographic keys.

It is not recommended to use short keys as this is less secure. The recommended key size depends on the algorithm. In general, it is advised to use the maximum size the API allows by default.

Correct code example secret key size

keyGenerator.init(128);

Correct code example keypair size

keypairGenerator.initialize(2048);

Recipe

id: scw:crypto:keygen-short-key
version: 10
metadata:
  name: 'Data Protection - Cryptography: Avoid cryptographic weakness: Use sufficiently long key sizes: keyGenerator bad value'
  shortDescription: Could lead to brute forcing or other cryptographic weakness
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_short_encryption_keys
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Key_sizes.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        value:
          integer:
            lessThan: 128
    name: init
    declaration:
      type: javax.crypto.KeyGenerator
availableFixes:
- name: Initialize key size to 128
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}(128)'