Java Reference
In-Depth Information
Determining If Two Keys Are Equal (JCA Reference Guide)
12. Do not use insecure or weak cryptographic algorithms
Security-intensive applications must avoid use of insecure or weak cryptographic prim-
itives. The computational capacity of modern computers permits circumvention of such
cryptography via brute-force attacks. For example, the Data Encryption Standard (DES)
encryption algorithm is considered highly insecure; messages encrypted using DES have
been decrypted by brute force within a single day by machines such as the Electronic
Frontier Foundation's (EFF) Deep Crack.
Noncompliant Code Example
This noncompliant code example encrypts a String input using a weak cryptographic al-
gorithm (DES):
Click here to view code image
SecretKey key = KeyGenerator.getInstance("DES").generateKey();
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.ENCRYPT_MODE, key);
// Encode bytes as UTF8; strToBeEncrypted contains
// the input string that is to be encrypted
byte[] encoded = strToBeEncrypted.getBytes("UTF8");
// Perform encryption
byte[] encrypted = cipher.doFinal(encoded);
Compliant Solution
This compliant solution uses the more secure Advanced Encryption Standard (AES) al-
gorithm to perform the encryption.
Click here to view code image
Cipher cipher = Cipher.getInstance("AES");
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128); // 192 and 256 bits may be unavailable
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Previous Page
Next Page
Java Coding Guidelines
Search WWH ::




Custom Search
Home