Checker Cryptography

belongs to group Basic
Identify the use of unsafe cryptographic algorithms

Frameworks supported by this checker

  • java up to 11
  • android up to API level 28
  • dotnet

Warnings generated by this checker

  • CryptographicAlgorithmWithRiskyCipherAlgorithmWarning: a cryptographic algorithm that contains a risky cipher algorithm [ CWE327 ]
  • CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning: a cryptographic algorithm that does not specify the cipher mode explicitly; a broken or risky cipher algorithm could be used by default [ CWE327 ]
  • CryptographicAlgorithmWithWeakHashingAlgorithmWarning: a cryptographic algorithm that contains a possibly reversible hashing algorithm [ CWE327 ]
  • DeprecatedOrDeletedCryptographyProviderFieldWarning: a deprecated cryptography provider is used here [ CWE327 ]
  • DeprecatedOrDeletedCryptographyProviderMethodWarning: a deprecated cryptography provider is used [ CWE327 ]
  • InadequateSaltWarning: a cryptographic algorithm is used without proper salt [ CWE916 ]
  • InsecureKeyDerivationFunctionWarning: an insecure key derivation function is used [ CWE326 ]
  • PossibleGenerationOfWeakCryptographicValuesWarning: possible generation of weak cryptography values [ CWE916 ]
  • RiskyCipherAlgorithmWarning: a weak, possibly reversible cryptographic cipher algorithm is used [ CWE328 ]
  • RiskyCipherFieldWarning: a weak, possibly reversible cryptographic cipher algorithm is used [ CWE327 ]
  • RiskyCryptographicAlgorithmFieldWarning: an unsafe cryptographic algorithm is used [ CWE327 ]
  • RiskyCryptographicAlgorithmWarning: an unsafe cryptographic algorithm is used [ CWE327 ]
  • RiskyDefaultCipherAlgorithmWarning: missing cipher mode algorithm, a broken or risky unsafe cryptographic cipher algorithm could be used by default [ CWE328 ]
  • UnsafeBase64EncodingWarning: the Base64 encoding is used, but it is nowadays easy to read [ CWE327 ]
  • WeakHashingAlgorithmFieldWarning: a weak, possibly reversible cryptographic cipher algorithm is used [ CWE327 ]
  • WeakHashingAlgorithmWarning: a weak, possibly reversible cryptographic algorithm is used [ CWE328 ]

Options accepted by this checker

  • allowCheckOfBase64: treat Base64 as a weak algorithm
    Base64 was historically used for passwords and sensitive data, but it is nowadays easy to read and should be used only for non-sensitive data. When this option is enabled, the analysis treats Base64 as a weak algorithm.
  • strict: consider more algorithms and ciphers as unsafe, and require a proper configuration of all algorithms
    These algorithms are currently considered safe by OWASP, but other organizations may apply stricter rules and ban such algorithms as well. Moreover, when this option is enabled, the use of salt (where possible) and a higher number of algorithm iterations are required.

Annotations understood by this checker

  • @com.juliasoft.julia.checkers.cryptography.CryptographicFunctionWithInadequateSaltSize
  • @com.juliasoft.julia.checkers.cryptography.DeprecatedKeyDerivationFunction
  • @com.juliasoft.julia.checkers.cryptography.DeprecatedOrDeletedCryptographicProvider
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeCryptographyWithAdequateSalt
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeCryptographyWithAdequateSaltSize
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeNotDeprecatedOrDeletedCryptographicProvider
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeNotUnsafeBase64Decoding
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeRobustCryptographicAlgorithm
  • @com.juliasoft.julia.checkers.cryptography.ShouldBeRobustHashingAlgorithm
  • @com.juliasoft.julia.checkers.cryptography.UnsafeBase64Decoding
  • @com.juliasoft.julia.checkers.cryptography.UnsafeCryptographicAlgorithm
  • @com.juliasoft.julia.checkers.cryptography.UnsafeHashingAlgorithm


Description

Some cryptographic algorithms are nowadays considered outdated and unsafe, or actually broken, since they are too easy to decode. This checker identifies uses of unsafe algorithms for cryptography.

Action: Use a safer cryptographic algorithm.

Strict cryptography checks

With the option strict=true, the cryptography checker also checks the use of salt (where possible) and the number of algorithm iterations, and applies stricter checks to the algorithms used. In particular, with this option the following algorithms are considered unsafe:

Cryptography         Cipher   Hashing
RC2                  ECB      MD2
RC4                  CBC      MD4
DES (all variants)   OFB      MD5
SSL (all variants)   CTS      SHA1
BLOWFISH             CFB

Note: Some of these algorithms may currently be considered safe by OWASP, but other organizations may apply stricter rules and ban such algorithms as well.
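
An added example, not part of the checker's documentation, of what the salt and iteration checks look for: an unsalted single-pass MD5 digest beside a salted, iterated key derivation. The class name, the choice of PBKDF2WithHmacSHA256 and the parameter values are assumptions of this example; the page does not state the thresholds the checker enforces.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedDerivationExample {
    // Assumed values for illustration, not thresholds taken from the checker.
    static final int SALT_BYTES = 16;
    static final int ITERATIONS = 600_000;
    static final int KEY_BITS = 256;

    // Weak form: one unsalted MD5 pass, so equal passwords always give equal digests.
    static byte[] weakDigest(String password) throws Exception {
        return MessageDigest.getInstance("MD5").digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // A fresh random salt per stored secret; it is stored next to the derived value.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Hardened form: salt and iteration count are both explicit.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipes the spec's internal copy of the password
        }
    }

    // Re-derive with the stored salt and compare in constant time.
    static boolean verify(char[] candidate, byte[] salt, byte[] expected) throws Exception {
        return MessageDigest.isEqual(derive(candidate, salt), expected);
    }

    public static void main(String[] args) throws Exception {
        String sample = "correct horse"; // constructed sample input
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] a = derive(sample.toCharArray(), saltA);
        byte[] b = derive(sample.toCharArray(), saltB);
        System.out.println("unsalted digests equal: " + MessageDigest.isEqual(weakDigest(sample), weakDigest(sample)));
        System.out.println("salted outputs equal:   " + MessageDigest.isEqual(a, b));
        System.out.println("verify correct:         " + verify(sample.toCharArray(), saltA, a));
        System.out.println("verify wrong password:  " + verify("wrong".toCharArray(), saltA, a));
    }
}
```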

Examples

Consider the following program:

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Base64.decodeBase64 is assumed to come from Apache Commons Codec
import org.apache.commons.codec.binary.Base64;

public class BrokenAlgorithms {

    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
        Cipher.getInstance("DES");
        Cipher.getInstance("MyComplexAlgo", "myProvider");
        Cipher.getInstance("MD5", "myProvider");

        String mypassword = "Hello World !";
        Base64.decodeBase64(mypassword.getBytes());

        Cipher.getInstance("AES/ECB/NoPadding");
        Cipher.getInstance("AES");
    }
}

This checker issues the following warnings:

BrokenAlgorithms.java:13: [Cryptography: CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning] The cryptographic algorithm does not explicity the cipher mode, a broken or risky unsafe cryptographic cipher algorithm could be used by default
BrokenAlgorithms.java:13: [Cryptography: RiskyCryptographicAlgorithmWarning] A broken or risky cryptographic algorithm is used here
BrokenAlgorithms.java:15: [Cryptography: WeakHashingAlgorithmWarning] A weak, possibly reversible hashing algorithm is used here
BrokenAlgorithms.java:18: [Cryptography: UnsafeBase64EncodingWarning] The Base64 encoding is used here, but it is nowadays easy to read
BrokenAlgorithms.java:20: [Cryptography: CryptographicAlgorithmWithRiskyCipherAlgorithmWarning] A broken or risky cipher algorithm is used here
BrokenAlgorithms.java:21: [Cryptography: CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning] The cryptographic algorithm does not explicity the cipher mode, a broken or risky unsafe cryptographic cipher algorithm could be used by default

These warnings are issued because DES, MD5 and ECB are nowadays considered broken, while Base64 encoding is relatively easy to decode and should not be used with sensitive data. Secure cryptographic algorithms also need to be checked, because they may use an unsafe encryption mode or hash algorithm by default. For example, the warning at line 21 is triggered because, although AES is a secure algorithm, Cipher.getInstance("AES") selects the ECB cipher mode by default, which is considered unsafe. A safe alternative is Cipher.getInstance("AES/GCM/NoPadding"), where GCM (Galois/Counter Mode) is a safe cipher mode.
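
An added example, not part of the checker's documentation, that puts the flagged ECB form beside the AES/GCM/NoPadding form recommended above and shows why ECB is flagged: equal plaintext blocks produce equal ciphertext blocks. The class name, the 12-byte IV, the 128-bit tag and the IV-prefixed output layout are choices of this example.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AesModeExample {
    static final int IV_BYTES = 12;   // 96-bit nonce
    static final int TAG_BITS = 128;  // full-length authentication tag

    // Flagged form: ECB encrypts each 16-byte block independently,
    // so two equal plaintext blocks give two equal ciphertext blocks.
    static boolean ecbRepeatsBlocks(SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] ct = c.doFinal(new byte[32]); // constructed input: two all-zero blocks
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    // Hardened form. Output layout (a choice of this example): IV || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv); // fresh nonce for every message under this key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // mode and padding spelled out
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    static byte[] decrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, msg, 0, IV_BYTES));
        // doFinal throws AEADBadTagException if the IV, ciphertext or tag was altered
        return c.doFinal(msg, IV_BYTES, msg.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] zeros = new byte[32]; // same constructed input as the ECB case
        byte[] gcm = encrypt(key, zeros);
        System.out.println("ECB repeats equal blocks: " + ecbRepeatsBlocks(key));
        System.out.println("GCM repeats equal blocks: " + Arrays.equals(
                Arrays.copyOfRange(gcm, 12, 28), Arrays.copyOfRange(gcm, 28, 44)));
        System.out.println("GCM round trip ok: " + Arrays.equals(zeros, decrypt(key, gcm)));
    }
}
```

Reusing an IV with the same key under GCM defeats both confidentiality and authentication, which is why the IV is drawn fresh inside encrypt rather than passed in by the caller.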

Consider the following program:

using System;
using System.Security.Cryptography;

namespace DocumentationExamples
{
    public class Cryptography
    {
        public static void Main(string[] args)
        {
            DES.Create();
            SHA256.Create();
            MD5.Create();

            string mypassword = "HELLO WORLD!";
            Convert.FromBase64String(mypassword);

            AesCryptoServiceProvider provider = new AesCryptoServiceProvider();
            provider.Mode = CipherMode.ECB;

        }
    }
}

This checker issues the following warnings:

DocumentationExamples.cs:10: [Cryptography: RiskyCryptographicAlgorithmWarning] A broken or risky cryptographic algorithm is used here
DocumentationExamples.cs:12: [Cryptography: WeakHashingAlgorithmWarning] A weak, possibly reversible hashing algorithm is used here
DocumentationExamples.cs:15: [Cryptography: UnsafeBase64EncodingWarning] The Base64 encoding is used here, but it is nowadays easy to read
DocumentationExamples.cs:18: [Cryptography: RiskyCipherAlgorithmWarning] A broken or risky cipher algorithm is used here

These warnings are issued because DES and MD5 are nowadays considered broken, while Base64 encoding is relatively easy to decode. The warning at line 18 is triggered because, although the AES algorithm of AesCryptoServiceProvider() is secure, the ECB mode set on it is an unsafe cipher mode. In this case GCM (Galois/Counter Mode) is advisable. The .NET Framework does not provide the GCM cipher mode natively, so you will have to adopt a third-party implementation, using a secure and certified library.

Consider the following program:

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;


public class BrokenAlgorithms {

	public BrokenAlgorithms() {
		try {
			Cipher.getInstance("DES");
			Cipher.getInstance("MyComplexAlgo", "myProvider");
			Cipher.getInstance("MD5", "myProvider");
			   
			String mypassword= "Hello World !";
			Base64.getDecoder().decode(mypassword.getBytes());
			    
			Cipher.getInstance("AES/ECB/NoPadding");
			Cipher.getInstance("AES");
			    
			Cipher.getInstance("MyComplexAlgo", "BC"); // BouncyCastle provider
			Cipher.getInstance("MyComplexAlgo", "Crypto");
		} catch (NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException e) {
			e.printStackTrace();
		}
	}
}

This checker issues the following warnings:

BrokenAlgorithms.java:13: [Cryptography: CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning] The cryptographic algorithm does not explicity the cipher mode, a broken or risky unsafe cryptographic cipher algorithm could be used by default
BrokenAlgorithms.java:13: [Cryptography: RiskyCryptographicAlgorithmWarning] A broken or risky cryptographic algorithm is used here
BrokenAlgorithms.java:15: [Cryptography: WeakHashingAlgorithmWarning] A weak, possibly reversible hashing algorithm is used here
BrokenAlgorithms.java:18: [Cryptography: UnsafeBase64EncodingWarning] The Base64 encoding is used here, but it is nowadays easy to read
BrokenAlgorithms.java:20: [Cryptography: CryptographicAlgorithmWithRiskyCipherAlgorithmWarning] A broken or risky cipher algorithm is used here
BrokenAlgorithms.java:21: [Cryptography: CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning] The cryptographic algorithm does not explicity the cipher mode, a broken or risky unsafe cryptographic cipher algorithm could be used by default
BrokenAlgorithms.java:23: [Cryptography: DeprecatedOrDeletedCryptographyProviderMethodWarning] The provider used is deprecated for the selected framework, which could lead to exceptions or unexpected behavior
BrokenAlgorithms.java:24: [Cryptography: DeprecatedOrDeletedCryptographyProviderMethodWarning] The provider used is deprecated for the selected framework, which could lead to exceptions or unexpected behavior

These warnings are issued because DES, MD5 and ECB are nowadays considered broken, while Base64 encoding is relatively easy to decode and should not be used with sensitive data. Secure cryptographic algorithms also need to be checked, because they may use an unsafe encryption mode or hash algorithm by default. For example, the warning at line 15 is triggered because, although AES is a secure algorithm, Cipher.getInstance("AES") selects the ECB cipher mode by default, which is considered unsafe. A safe alternative is Cipher.getInstance("AES/GCM/NoPadding"), where GCM (Galois/Counter Mode) is a safe cipher mode.

The transition to a new version of Android can lead to the deprecation or deletion of cryptographic components and libraries. Once a component is removed, any call that requests it will throw an exception. In particular, the Security "Crypto" provider was deprecated in Android N (Android API 24) and deleted in Android P, and the BouncyCastle library was deprecated in Android P (Android API 28).

Consider the following program:

import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SecureRandom;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyGenerator;

public class Main {
  public static void main(String[] args) {
  
	  try {
		  
		Signature sgn = Signature.getInstance("SHA256withRSA");
		KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA512");
		KeyAgreement keyAgree = KeyAgreement.getInstance("ECDH");
		KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
		SecureRandom r = new SecureRandom();
		
	} catch (NoSuchAlgorithmException e) {
		e.printStackTrace();
	}
  }
}

When run against the Android framework at API level 18 or earlier, this checker issues the following warnings:

BrokenAlgorithms.java:13: [Cryptography: PossibleGenerationOfWeakCryptographicValuesWarning] possible generation of weak cryptographic values. The pseudo-random generator may have been improperly initialized. Please check the following link for more information: https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
BrokenAlgorithms.java:14: [Cryptography: PossibleGenerationOfWeakCryptographicValuesWarning] possible generation of weak cryptographic values. The pseudo-random generator may have been improperly initialized. Please check the following link for more information: https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
BrokenAlgorithms.java:15: [Cryptography: PossibleGenerationOfWeakCryptographicValuesWarning] possible generation of weak cryptographic values. The pseudo-random generator may have been improperly initialized. Please check the following link for more information: https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
BrokenAlgorithms.java:16: [Cryptography: PossibleGenerationOfWeakCryptographicValuesWarning] possible generation of weak cryptographic values. The pseudo-random generator may have been improperly initialized. Please check the following link for more information: https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
BrokenAlgorithms.java:17: [Cryptography: PossibleGenerationOfWeakCryptographicValuesWarning] possible generation of weak cryptographic values. The pseudo-random generator may have been improperly initialized. Please check the following link for more information: https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html

Android 4.3 and earlier suffer from an issue that involves the Java Cryptography Architecture (JCA) and an inadequate initialization of the underlying pseudo-random number generator (PRNG). The analysis detects possible instances of the classes affected by the issue.