This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Use of hard-coded cryptographic key"
Weilin Zhong (talk | contribs) |
|||
Line 1: | Line 1: | ||
+ | {{taggedDocument | ||
+ | | type=old | ||
+ | | mode=silent | ||
+ | }} | ||
{{Template:SecureSoftware}} | {{Template:SecureSoftware}} | ||
Revision as of 21:32, 30 July 2016
Overview
The use of a hard-coded cryptographic key tremendously increases the possibility that encrypted data may be recovered
Consequences
- Authentication: If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question.
Exposure period
- Design: For both front-end to back-end connections and default account settings, alternate decisions must be made at design time.
Platform
- Languages: All
- Operating platforms: All
Required resources
Any
Severity
High
Likelihood of exploit
High
Avoidance and mitigation
- Design: Prevention schemes mirror that of hard-coded password storage.
Discussion
The main difference between the use of hard-coded passwords and the use of hard-coded cryptographic keys is the false sense of security that the former conveys. Many people believe that simply hashing a hard-coded password before storage will protect the information from malicious users. However, many hashes are reversible (or at least vulnerable to brute force attacks) - and further, many authentication protocols simply request the hash itself, making it no better than a password.
Examples
In C\C++:
int VerifyAdmin(char *password) { if (strcmp(password,"68af404b513073584c4b6f22b6c63e6b")) { printf("Incorrect Password!\n"); return(0) } printf("Entering Diagnostic Mode�\n"); return(1); }
In Java:
int VerifyAdmin(String password) { if (passwd.Eqauls("68af404b513073584c4b6f22b6c63e6b")) { return(0) } //Diagnostic Mode return(1); }