Why is this an issue?
Strong cipher algorithms are cryptographic systems resistant to cryptanalysis, they
are not vulnerable to well-known attacks like brute force attacks for example.
A general recommendation is to only use cipher algorithms intensively tested and promoted by the cryptographic community.
More specifically for block cipher, it’s not recommended to use algorithm with a block size inferior than 128 bits.
Noncompliant code example
For System.Security.Cryptography library,
these old cryptographic algorithms should no longer be used for any reason:
Dim TripleDES1 As new TripleDESCryptoServiceProvider() ' Noncompliant: Triple DES is vulnerable to meet-in-the-middle attack
Dim SimpleDES As New DESCryptoServiceProvider() ' Noncompliant: DES works with 56-bit keys allow attacks via exhaustive search
Dim RC2 As new RC2CryptoServiceProvider() ' Noncompliant: RC2 is vulnerable to a related-key attack
For Bouncycastle library, AESFastEngine has a side channel leak, it
is possible to gain information about the key used to initialize the cipher:
Dim AesFast As new AesFastEngine() ' Noncompliant
Compliant solution
For System.Security.Cryptography library,
it’s recommended to use AesCryptoServiceProvider:
Dim AES As new AesCryptoServiceProvider() ' Compliant
For Bouncycastle library, it’s recommended to use AESEngine:
Dim AES As new AESEngine() ' Compliant
Resources
