
Insecure Encryption Algorithm - Elixir


Need

Prevent unauthorized access and tampering of encrypted data.


Context

  1. Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications
  2. Usage of crypto library for encryption

Description

Insecure Code Example

def encrypt(data, key) do
  :crypto.block_encrypt(:des_ecb, key, data)
end

This Elixir function uses the DES algorithm to encrypt data. DES is considered insecure due to its small key size, making it susceptible to brute-force attacks.

Steps

  1. Replace the DES encryption function with the AES encryption function.
  2. Ensure that the key size is at least 128 bits, which is the minimum key size for AES.

Secure Code Example

def encrypt(data, key) do
  :crypto.block_encrypt(:aes_ecb, key, data)
end

This Elixir function uses the AES algorithm to encrypt data. AES is a secure encryption algorithm that is resistant to brute-force attacks due to its large key size.
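The secure example above replaces the algorithm but still uses ECB mode, which encrypts identical plaintext blocks to identical ciphertext blocks and gives no tamper detection, and :crypto.block_encrypt was removed in OTP 24. The following is an added example, not code from the original page: it shows AES-256-GCM through :crypto.crypto_one_time_aead/7 (OTP 22+), and the module name SecureCipher and the nonce/tag/ciphertext layout are assumptions made for illustration.

```elixir
defmodule SecureCipher do
  # Added example; module name and blob layout are assumptions.
  @cipher :aes_256_gcm
  @key_bytes 32
  @nonce_bytes 12
  @tag_bytes 16

  # Returns nonce <> tag <> ciphertext. A fresh random nonce is drawn on every
  # call, so equal plaintexts do not yield equal ciphertexts (unlike ECB).
  # A key that is not exactly 32 bytes raises FunctionClauseError.
  def encrypt(data, key, aad \\ <<>>)
      when is_binary(data) and byte_size(key) == @key_bytes do
    nonce = :crypto.strong_rand_bytes(@nonce_bytes)

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(@cipher, key, nonce, data, aad, @tag_bytes, true)

    nonce <> tag <> ciphertext
  end

  # Returns {:ok, plaintext}, or {:error, reason} when the input is too short
  # or the authentication tag does not verify (modified data, wrong key or AAD).
  def decrypt(blob, key, aad \\ <<>>)

  def decrypt(
        <<nonce::binary-size(@nonce_bytes), tag::binary-size(@tag_bytes), ciphertext::binary>>,
        key,
        aad
      )
      when byte_size(key) == @key_bytes do
    case :crypto.crypto_one_time_aead(@cipher, key, nonce, ciphertext, aad, tag, false) do
      :error -> {:error, :authentication_failed}
      plaintext -> {:ok, plaintext}
    end
  end

  def decrypt(_blob, _key, _aad), do: {:error, :malformed_input}
end

# Constructed sample key and message, for demonstration only.
key = :crypto.strong_rand_bytes(32)
blob = SecureCipher.encrypt("account=42", key)
{:ok, "account=42"} = SecureCipher.decrypt(blob, key)

# Changing a single ciphertext bit makes tag verification fail.
<<head::binary-size(28), byte, rest::binary>> = blob
tampered = head <> <<:erlang.bxor(byte, 1)>> <> rest
{:error, :authentication_failed} = SecureCipher.decrypt(tampered, key)
```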


References

  • 052 - Insecure Encryption Algorithm

Last updated: 2023/09/18