Insecure Encryption Algorithm - DSA

Need

To secure the information transmitted between the client and the server using cryptographically secure algorithms.

Context

Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
Usage of Plug (1.11.1 and above) for building composable web applications in Elixir
Usage of Plug.Crypto for cryptographic operations (version 1.2.0 and above)

Description

Non compliant code

defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:dsa, {1024, 160}, :sha)
    {:ok, cipher} = :crypto.block_encrypt(:des, key, data)
    {:ok, cipher}
  end
end

This code is vulnerable because it uses the DSA encryption algorithm which is considered insecure. It could allow an attacker to decrypt the information transmitted between the client and the server.

Steps

Replace the insecure DSA algorithm with a secure one like RSA or ECC.
Ensure to use the appropriate key length based on the encryption algorithm.

Compliant code

defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:rsa, :sha256)
    {:ok, cipher} = :crypto.block_encrypt(:aes, key, data)
    {:ok, cipher}
  end
end

In this secure code example, we've replaced the DSA encryption algorithm with RSA, which is considered secure. We've also switched the symmetric encryption algorithm from DES to AES.

References

261.Insecure encryption algorithm - DSA

Need​

Context​

Description​

Non compliant code​

Steps​

Compliant code​

References​