Need

Prevent unauthorized access and tampering of encrypted data.

Context

• Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications

• Usage of crypto library for encryption

Description

1. Non-compliant code

def encrypt(data, key) do
  :crypto.block_encrypt(:des_ecb, key, data)
end

This Elixir function uses the DES algorithm to encrypt data. DES is considered insecure due to its small key size, making it susceptible to brute-force attacks.

2. Steps

• Replace the DES encryption function with the AES encryption function.

• Ensure that the key size is at least 128 bits, which is the minimum key size for AES.

3. Secure code example

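def encrypt(data, key) when byte_size(key) == 32 do
  # AES-256-GCM with a fresh random 96-bit nonce; the tag authenticates the ciphertext
  iv = :crypto.strong_rand_bytes(12)
  {ciphertext, tag} = :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, data, "", true)
  iv <> tag <> ciphertext
end

This Elixir function uses the AES algorithm with a 256-bit key in GCM mode to encrypt data. AES is a secure encryption algorithm that is resistant to brute-force attacks due to its large key size. GCM is used instead of ECB because ECB encrypts identical plaintext blocks to identical ciphertext blocks and gives no protection against tampering, while GCM produces an authentication tag that lets the receiver detect any modification of the ciphertext. The call to :crypto.crypto_one_time_aead/6 (available from OTP 22) replaces :crypto.block_encrypt/3, which was removed in OTP 24. The function returns the nonce, the tag and the ciphertext concatenated, since the receiver needs all three to decrypt.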
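The need stated above covers tampering as well as confidentiality, so the following added example (not code from the original page) shows a full AES-256-GCM round trip and how a modified ciphertext is rejected on decryption. The module name SecureBox, its function names and the sample values are hypothetical; it assumes OTP 22 or later for :crypto.crypto_one_time_aead/7.

```elixir
# Added example, not from the original page; SecureBox and its functions are hypothetical.
defmodule SecureBox do
  @cipher :aes_256_gcm
  @iv_len 12   # 96-bit nonce, the recommended size for GCM
  @tag_len 16  # 128-bit authentication tag

  # Accepts only a 256-bit key; a new random nonce is drawn for every message.
  # `aad` is authenticated but not encrypted (for example a record id).
  def encrypt(plaintext, key, aad \\ "") when byte_size(key) == 32 do
    iv = :crypto.strong_rand_bytes(@iv_len)

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(@cipher, key, iv, plaintext, aad, @tag_len, true)

    iv <> tag <> ciphertext
  end

  def decrypt(blob, key, aad \\ "")

  def decrypt(<<iv::binary-size(@iv_len), tag::binary-size(@tag_len), ct::binary>>, key, aad)
      when byte_size(key) == 32 do
    # With the encrypt flag set to false the call returns :error when the tag does not verify.
    case :crypto.crypto_one_time_aead(@cipher, key, iv, ct, aad, tag, false) do
      :error -> {:error, :authentication_failed}
      plaintext -> {:ok, plaintext}
    end
  end

  # Input too short to hold nonce and tag, or a key that is not 32 bytes.
  def decrypt(_blob, _key, _aad), do: {:error, :invalid_input}
end

# Constructed sample key and message.
key = :crypto.strong_rand_bytes(32)
blob = SecureBox.encrypt("user=alice;role=viewer", key, "record-42")
{:ok, "user=alice;role=viewer"} = SecureBox.decrypt(blob, key, "record-42")

# Flip one bit of the last ciphertext byte: decryption must reject the message.
head_len = byte_size(blob) - 1
<<head::binary-size(head_len), last>> = blob
tampered = head <> <<:erlang.bxor(last, 1)>>
{:error, :authentication_failed} = SecureBox.decrypt(tampered, key, "record-42")

# The same ciphertext presented under different associated data is rejected too.
{:error, :authentication_failed} = SecureBox.decrypt(blob, key, "record-7")
```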