Inadequate Encryption Strength
Description
Triple DES (also known as 3DES or DESede) is considered a weak cipher for modern applications. NIST recommends using the AES block cipher instead of 3DES.
Examples
Insecure Code
```scala
javax.crypto.Cipher.getInstance("DESede")
```
Secure Code
```scala
javax.crypto.Cipher.getInstance("AES")
```
Remediation
Replace DESede with a stronger cipher such as AES.
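The following is an added example, not part of the original rule documentation, showing the replacement carried through for data already encrypted with DESede. It names the mode explicitly as `AES/GCM/NoPadding`, because a bare `"AES"` transformation resolves to ECB mode on the default SunJCE provider. The object name `AesGcmExample`, the `migrate` helper and the sample record are assumptions made for illustration.

```scala
import java.security.SecureRandom
import javax.crypto.{Cipher, KeyGenerator, SecretKey}
import javax.crypto.spec.GCMParameterSpec

object AesGcmExample {
  private val IvBytes = 12   // 96-bit nonce, the recommended size for GCM
  private val TagBits = 128  // full-length authentication tag
  private val rng = new SecureRandom()

  // Encrypts with AES-GCM and returns nonce || ciphertext+tag.
  def encrypt(key: SecretKey, plaintext: Array[Byte]): Array[Byte] = {
    val iv = new Array[Byte](IvBytes)
    rng.nextBytes(iv) // fresh nonce per message; never reuse one under the same key
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TagBits, iv))
    iv ++ cipher.doFinal(plaintext)
  }

  // Splits off the nonce and decrypts; throws AEADBadTagException if the blob was modified.
  def decrypt(key: SecretKey, blob: Array[Byte]): Array[Byte] = {
    val (iv, ct) = blob.splitAt(IvBytes)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TagBits, iv))
    cipher.doFinal(ct)
  }

  // Hypothetical migration helper: reads a record written by the legacy
  // Cipher.getInstance("DESede") code and re-encrypts it under AES-GCM.
  def migrate(legacyKey: SecretKey, aesKey: SecretKey, legacy: Array[Byte]): Array[Byte] = {
    val old = Cipher.getInstance("DESede") // kept only to read existing data
    old.init(Cipher.DECRYPT_MODE, legacyKey)
    encrypt(aesKey, old.doFinal(legacy))
  }

  def main(args: Array[String]): Unit = {
    val aesGen = KeyGenerator.getInstance("AES"); aesGen.init(256)
    val aesKey = aesGen.generateKey()
    val legacyKey = KeyGenerator.getInstance("DESede").generateKey()

    // Constructed sample: a record as the legacy code would have stored it.
    val legacyCipher = Cipher.getInstance("DESede")
    legacyCipher.init(Cipher.ENCRYPT_MODE, legacyKey)
    val legacyRecord = legacyCipher.doFinal("account=1234".getBytes("UTF-8"))

    val migrated = migrate(legacyKey, aesKey, legacyRecord)
    println(new String(decrypt(aesKey, migrated), "UTF-8"))
  }
}
```

The `migrate` helper still calls `Cipher.getInstance("DESede")` and will be flagged by this rule until the legacy data has been converted and the helper removed.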
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0019 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure-cipher, weak-encryption |
| OWASP | N/A |