Inadequate Encryption Strength
Description
A small key size leaves the ciphertext vulnerable to brute-force attack: the attacker simply enumerates the key space. If Blowfish must be used, generate the key with at least 128 bits of entropy.
Examples
Insecure Code

```scala
import javax.crypto.KeyGenerator

// 64-bit key: flagged by this rule, far too small to resist brute force
val keyGen = KeyGenerator.getInstance("Blowfish")
keyGen.init(64)
```

Secure Code

```scala
import javax.crypto.KeyGenerator

// 128-bit key: meets the rule's minimum key size
val keyGen = KeyGenerator.getInstance("Blowfish")
keyGen.init(128)
```

Remediation
Increase the key size passed to `KeyGenerator.init` to at least 128 bits when generating a Blowfish key. If the key is loaded from a keystore or configuration rather than generated in code, check its length the same way before using it.
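As an added example (not part of this rule's documentation or of any scanned project's code), the following Scala program wraps the key generation from the secure snippet in a check that rejects undersized keys before they reach the cipher, and also measures the size of an existing key so that keys loaded from a keystore or configuration are covered. The object name `BlowfishKeyCheck`, the `MinKeyBits` constant, the helper names and the sample plaintext are my own assumptions; the `javax.crypto` calls are the standard JCE API.

```scala
import java.security.SecureRandom
import javax.crypto.{Cipher, KeyGenerator, SecretKey}
import javax.crypto.spec.IvParameterSpec

object BlowfishKeyCheck {
  // Minimum key size in bits; anything below this is what CODE-0017 reports.
  // (Assumed constant name; the value comes from the rule text.)
  val MinKeyBits = 128

  // Generate a Blowfish key, refusing sizes below the minimum instead of
  // silently accepting whatever the caller passes to init().
  def generateKey(keyBits: Int): SecretKey = {
    require(keyBits >= MinKeyBits,
      s"Blowfish key size $keyBits bits is below the $MinKeyBits-bit minimum")
    val keyGen = KeyGenerator.getInstance("Blowfish")
    keyGen.init(keyBits, new SecureRandom())
    keyGen.generateKey()
  }

  // Size in bits of an already-existing key (e.g. one loaded from a keystore),
  // so the same minimum can be enforced on keys the code did not generate.
  def keyBits(key: SecretKey): Int = key.getEncoded.length * 8

  def isAdequate(key: SecretKey): Boolean = keyBits(key) >= MinKeyBits

  // Encrypt with a fresh random IV; Blowfish has a 64-bit block, so the IV is 8 bytes.
  def encrypt(key: SecretKey, plaintext: Array[Byte]): (Array[Byte], Array[Byte]) = {
    require(isAdequate(key), s"refusing to encrypt with a ${keyBits(key)}-bit Blowfish key")
    val iv = new Array[Byte](8)
    new SecureRandom().nextBytes(iv)
    val cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding")
    cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv))
    (iv, cipher.doFinal(plaintext))
  }

  def decrypt(key: SecretKey, iv: Array[Byte], ciphertext: Array[Byte]): Array[Byte] = {
    val cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding")
    cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv))
    cipher.doFinal(ciphertext)
  }

  def main(args: Array[String]): Unit = {
    // The 64-bit size from the insecure snippet is rejected before any key exists.
    val rejected = scala.util.Try(generateKey(64)).isFailure
    println(s"64-bit key rejected: $rejected")

    // The 128-bit size from the secure snippet passes and round-trips correctly.
    val key = generateKey(128)
    println(s"generated key: ${keyBits(key)} bits, adequate = ${isAdequate(key)}")

    val message = "constructed sample plaintext" // constructed test input
    val (iv, ct) = encrypt(key, message.getBytes("UTF-8"))
    val roundTrip = new String(decrypt(key, iv, ct), "UTF-8")
    println(s"round trip ok: ${roundTrip == message}")
  }
}
```

The `require` guards turn the finding into a hard failure at the point where a weak key would otherwise be used, which is easier to catch in tests than a scanner report after the fact. Key length is only the concern this rule covers; the description's wording "if Blowfish must be used" reflects that Blowfish's 64-bit block size is itself a reason to prefer a modern cipher where the choice is open.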
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0017 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | inadequate encryption, blowfish |
| OWASP | N/A |