Recipe Name:
Data Protection - Cryptography: Avoid cryptographic weakness: Use sufficiently long key sizes: keyPairGenerator
Description:
Could lead to brute forcing or other cryptographic weakness
Level:
error
Language:
- java
Tags:
- security
- basic protection set
Documentation
Secure coding practices prescribe to use sufficiently large cryptographic keys.
It is not recommended to use short keys as this is less secure. The recommended key size depends on the algorithm. In general, it is advised to use the maximum size the API allows by default.
Correct code example secret key sizekeyGenerator.init(128);Correct code example keypair size
keypairGenerator.initialize(2048);
Recipe
id: scw:crypto:keypairgen-missing-init version: 10 metadata: name: 'Data Protection - Cryptography: Avoid cryptographic weakness: Use sufficiently long key sizes: keyPairGenerator' shortDescription: Could lead to brute forcing or other cryptographic weakness level: error language: java newCodeOnly: false scwCategory: broken_cryptography:improper_use_of_cryptography_algorithm enabled: true descriptionFile: Java/Crypto/descriptions/Key_sizes.html tags: security;basic protection set search: methodcall: args: 1: type: java.lang.String value: stringified: RSA not: followedBy: methodcall: name: initialize name: getInstance declaration: type: java.security.KeyPairGenerator availableFixes: - name: Initialize key size to 2048 bits actions: - addMethodCall: name: initialize arguments: - "2048" position: first-available-spot