Weak Encryption


There are many ways in which your encryption may be vulnerable, especially if you use a custom encryption method, because designing encryption requires solid math, programming and security knowledge. Even some of the common ways to encrypt your data are vulnerable to attacks. Using a weak encryption method can lead to sensitive data exposure, key leakage, broken authentication, insecure sessions and spoofing attacks.

Weak hash functions, ciphers and modes :

MD4, MD5, RC4, RC2, DES, Blowfish, SHA-1, ECB

Crypto checklist :

Key exchange: Diffie–Hellman key exchange with minimum 2048 bits
Message Integrity: HMAC-SHA2
Message Hash: SHA2 256 bits
Asymmetric encryption: RSA 2048 bits
Symmetric-key algorithm: AES 128 bits
Password Hashing: PBKDF2, Scrypt, Bcrypt
ECDH, ECDSA: 256 bits

Recommendations :

  • Never let the user control the encryption key
  • In RSA, make sure your public key is big enough and has no known factors; you can check it on factordb.com
  • Never expose both an encryption and a decryption function to the user
  • Stick to the best practices and methods mentioned in the checklist
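
The RSA recommendation above can be partly checked locally before a key is accepted. The following is an added example, not code from the original page: the function names, the sieve bound of 10,000 and the 1,000 Fermat rounds are assumptions, and passing these checks does not prove that a key is strong.

```python
import math

MIN_BITS = 2048  # minimum RSA size from the checklist above

def small_primes(limit):
    """Sieve of Eratosthenes: all primes below `limit`."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, flag in enumerate(sieve) if flag]

PRIMES = small_primes(10_000)  # assumed bound for the trial-division check

def fermat_close_factors(n, rounds=1000):
    """Return (p, q) if n = p * q with p and q close together, else None."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(rounds):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2 and a - b > 1:  # skip the trivial 1 * n split
            return a - b, a + b
        a += 1
    return None

def audit_rsa_modulus(n):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if n.bit_length() < MIN_BITS:
        findings.append(f"modulus is {n.bit_length()} bits, below {MIN_BITS}")
    for p in PRIMES:
        if n % p == 0 and n != p:
            findings.append(f"modulus has small prime factor {p}")
            break
    if fermat_close_factors(n):
        findings.append("prime factors are too close together (Fermat)")
    return findings

# Constructed sample moduli for illustration (not real keys).
WEAK_SMALL = 3 * (2**127 - 1)   # tiny prime factor, only 129 bits
WEAK_CLOSE = 1000003 * 1000033  # two neighbouring factors
```

Run `audit_rsa_modulus` on the modulus of every imported or generated public key and reject the key if the returned list is not empty.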
