Use GCM Padding with AES
Summary
AES symmetric encryption should be used only with GCM padding.
Description
This GCM padding mechanism is a secure option when working with symmetric encryption. GCM is well-suited for modern cryptographic requirements and is widely adopted in various security protocols and applications where the combination of encryption and authentication is required.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CAPEC™-20. Encryption brute forcing
- HIPAA-164_312_a_2_iv. Encryption and decryption (addressable)
- HITRUST CSF-10_g. Key management
- ISO/IEC 27002-8_24. Use of cryptography
- ISA/IEC 62443-DC-4_3. Use of cryptography
- ISO/IEC 27001-8_24. Use of cryptography
free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.