logo

Database

Insecure Encryption Algorithm - DSA

Need

To secure the information transmitted between the client and the server using cryptographically secure algorithms.

Context

• Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications

• Usage of Plug (1.11.1 and above) for building composable web applications in Elixir

• Usage of Plug.Crypto for cryptographic operations (version 1.2.0 and above)

Description

1. Non compliant code

defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:dsa, {1024, 160}, :sha)
    {:ok, cipher} = :crypto.block_encrypt(:des, key, data)
    {:ok, cipher}
  end
end

This code is vulnerable because it uses the DSA encryption algorithm which is considered insecure. It could allow an attacker to decrypt the information transmitted between the client and the server.

2. Steps

• Replace the insecure DSA algorithm with a secure one like RSA or ECC.

• Ensure to use the appropriate key length based on the encryption algorithm.

3. Secure code example

defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:rsa, :sha256)
    {:ok, cipher} = :crypto.block_encrypt(:aes, key, data)
    {:ok, cipher}
  end
end

In this secure code example, we've replaced the DSA encryption algorithm with RSA, which is considered secure. We've also switched the symmetric encryption algorithm from DES to AES.