
Insecure Encryption Algorithm

Need

Prevent unauthorized access and tampering of encrypted data.

Context

  • Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
  • Usage of crypto library for encryption

Description

Non compliant code

def encrypt(data, key) do
  :crypto.block_encrypt(:des_ecb, key, data)
end

This Elixir function encrypts data with DES in ECB mode. DES is considered insecure because of its small key: the 56-bit effective key space can be exhausted by brute force with commodity hardware, so the key is recoverable from a known plaintext/ciphertext pair. ECB mode adds a second weakness independent of the cipher: each block is encrypted on its own, so identical plaintext blocks produce identical ciphertext blocks and the structure of the data leaks. Note also that :crypto.block_encrypt/3 was deprecated in OTP 23 and removed in OTP 24; current code uses :crypto.crypto_one_time/4,5 or :crypto.crypto_one_time_aead/6,7.

Steps

  • Replace DES with AES, and do not use ECB mode with AES either: use an authenticated mode such as AES-GCM through :crypto.crypto_one_time_aead/7, which protects both confidentiality and integrity of the data.
  • Use a key of at least 128 bits (the smallest AES key size; 256 bits is recommended), generated with :crypto.strong_rand_bytes/1 rather than derived from a password or hard-coded.
  • Generate a fresh random 96-bit nonce (IV) for every message and store it alongside the ciphertext and the authentication tag; never reuse a nonce under the same key.

Compliant code

def encrypt(data, key) when byte_size(key) == 32 do
  iv = :crypto.strong_rand_bytes(12)
  {ciphertext, tag} = :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, data, "", 16, true)
  iv <> tag <> ciphertext
end

This Elixir function encrypts data with AES-256 in GCM mode. The guard rejects keys of the wrong length, the 12-byte nonce is drawn from the OS CSPRNG for every call, and the returned binary carries the nonce and the 16-byte authentication tag together with the ciphertext so that the receiver can verify the data has not been tampered with before using it. AES with a 256-bit key is not brute-forceable, and GCM, unlike ECB, does not leak repeated plaintext blocks and detects any modification of the ciphertext.
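The following module is an added, self-contained example that is not part of the original page: it pairs the encrypt function above with the matching decrypt-and-verify step, shows that a single flipped ciphertext bit is rejected rather than decrypted to garbage, and demonstrates why switching only to :aes_ecb is not a fix. The module name SecureCrypto, the function names, and the sample strings are assumptions for illustration; the :crypto calls are the OTP 22+ API.

```elixir
defmodule SecureCrypto do
  @moduledoc """
  Added example (not from the original page): AES-256-GCM with
  :crypto.crypto_one_time_aead/7, replacing :crypto.block_encrypt/3
  (deprecated in OTP 23, removed in OTP 24). Names are illustrative.
  """

  @key_bytes 32    # AES-256
  @nonce_bytes 12  # 96-bit nonce, the recommended size for GCM
  @tag_bytes 16    # full-length authentication tag

  @doc "Generate a random 256-bit key from the OS CSPRNG."
  def generate_key, do: :crypto.strong_rand_bytes(@key_bytes)

  @doc """
  Encrypt `plaintext` under `key`. Returns nonce <> tag <> ciphertext so the
  caller stores one binary. `aad` is authenticated but not encrypted; binding
  it to a context (record id, user id) stops ciphertexts being swapped around.
  """
  def encrypt(plaintext, key, aad \\ "") when byte_size(key) == @key_bytes do
    # A fresh random nonce per message: nonce reuse under one key breaks GCM.
    nonce = :crypto.strong_rand_bytes(@nonce_bytes)

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, plaintext, aad, @tag_bytes, true)

    nonce <> tag <> ciphertext
  end

  @doc "Decrypt and verify. Returns {:ok, plaintext} or {:error, :invalid}."
  def decrypt(blob, key, aad \\ "")

  def decrypt(
        <<nonce::binary-size(@nonce_bytes), tag::binary-size(@tag_bytes), ciphertext::binary>>,
        key,
        aad
      )
      when byte_size(key) == @key_bytes do
    # The tag is checked before any plaintext is returned; a wrong key, wrong
    # AAD, or a modified nonce/tag/ciphertext all yield :error.
    case :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, ciphertext, aad, tag, false) do
      :error -> {:error, :invalid}
      plaintext -> {:ok, plaintext}
    end
  end

  def decrypt(_blob, _key, _aad), do: {:error, :invalid}

  @doc """
  Why :aes_ecb is not a fix: ECB encrypts equal plaintext blocks to equal
  ciphertext blocks. Encrypts two identical 16-byte blocks under a 128-bit key
  and returns true when the two ciphertext blocks are identical (they are).
  """
  def ecb_leaks_pattern?(key) when byte_size(key) == 16 do
    block = :binary.copy(<<0x41>>, 16)

    <<c1::binary-size(16), c2::binary-size(16)>> =
      :crypto.crypto_one_time(:aes_128_ecb, key, block <> block, true)

    c1 == c2
  end

  @doc "Round trip, tamper detection, and the ECB pattern leak in one run."
  def demo do
    key = generate_key()
    blob = encrypt("top secret", key, "user:42")

    {:ok, "top secret"} = decrypt(blob, key, "user:42")
    {:error, :invalid} = decrypt(blob, key, "user:43")   # AAD mismatch is rejected

    # Flip one bit of the first ciphertext byte (offset 28 = nonce + tag).
    <<head::binary-size(28), b, rest::binary>> = blob
    tampered = <<head::binary, :erlang.bxor(b, 1), rest::binary>>
    {:error, :invalid} = decrypt(tampered, key, "user:42")

    true = ecb_leaks_pattern?(:crypto.strong_rand_bytes(16))
    :ok
  end
end
```

Running SecureCrypto.demo() in iex returns :ok; every pattern match in it would raise MatchError if the authentication check or the ECB demonstration did not behave as described. The decrypt function returns a tagged tuple rather than raising so that callers cannot accidentally treat a failed verification as data.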
