Insecure Encryption Algorithm - TripleDES

Need

To secure sensitive data using secure encryption algorithms.

Context

Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
Usage of crypto module for encryption

Description

Non compliant code

defmodule MyApp.Crypto do
  def encrypt(data, key) do
    :crypto.block_encrypt(:des_ede3, key, data)
  end

  def decrypt(ciphertext, key) do
    :crypto.block_decrypt(:des_ede3, key, ciphertext)
  end
end

The code is vulnerable because it uses TripleDES algorithm for encryption which is now considered insecure. The use of this algorithm can lead to exposure of sensitive data if the encrypted data is intercepted.

Steps

Use a secure encryption algorithm such as AES.
Replace the :des_ede3 atom with :aes_cbc128 or :aes_cbc256 in the :crypto.block_encrypt/3 and :crypto.block_decrypt/3 functions.

Compliant code

defmodule MyApp.Crypto do
  def encrypt(data, key, iv) do
    :crypto.block_encrypt(:aes_cbc128, {key, iv}, data)
  end

  def decrypt(ciphertext, key, iv) do
    :crypto.block_decrypt(:aes_cbc128, {key, iv}, ciphertext)
  end
end

In this secure code example, we've replaced the insecure TripleDES algorithm with AES, which is considered secure. This will effectively protect sensitive data from being exposed even if intercepted.

References

264.Insecure encryption algorithm - TripleDES

Need​

Context​

Description​

Non compliant code​

Steps​

Compliant code​

References​