org.sonar.l10n.java.rules.squid.S2278.html
According to the US National Institute of Standards and Technology (NIST), the Data Encryption Standard (DES) is no longer considered secure:
Adopted in 1977 for federal agencies to use in protecting sensitive, unclassified information, the DES is being withdrawn because it no longer provides the security that is needed to protect federal government information.
Federal agencies are encouraged to use the Advanced Encryption Standard, a faster and stronger algorithm approved as FIPS 197 in 2001.
Noncompliant Code Example
Cipher c = Cipher.getInstance("DESede/ECB/PKCS5Padding");
Compliant Solution
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
See
- MITRE CWE-326 - Inadequate Encryption Strength
- MITRE CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
- OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
- Derived from FindSecBugs rule DES / DESede Unsafe