Strong cipher algorithms are cryptographic systems resistant to cryptanalysis, they
are not vulnerable to well-known attacks like brute force attacks for example.
A general recommendation is to only use cipher algorithms intensively tested and promoted by the cryptographic community.
More specifically for block cipher, it’s not recommended to use algorithm with a block size inferior than 128 bits.
Noncompliant Code Example
crypto built-in module:
crypto.createCipheriv("DES", key, iv); // Noncompliant: DES / 3DES is unsecure
crypto.createCipheriv("DES-EDE", key, ""); // Noncompliant: DES / 3DES is unsecure
crypto.createCipheriv("DES-EDE3", key, ""); // Noncompliant: DES / 3DES is unsecure
crypto.createCipheriv("RC2", key, iv); // Noncompliant: RC2 is vulnerable to a related-key attack
crypto.createCipheriv("RC4", key, "");// Noncompliant: RC4 is vulnerable to several attacks
crypto.createCipheriv("BF", key, iv);// Noncompliant: Blowfish use a 64-bit block size makes it vulnerable to birthday attacks
Compliant Solution
crypto built-in module:
crypto.createCipheriv("AES-256-GCM", key, iv);
See
