Difference between revisions of "Category:Cryptographic Vulnerability"
Weilin Zhong (talk | contribs) (→Examples) |
Line 5: | Line 5: | ||
* Algorithm Problems | * Algorithm Problems | ||
** Insecure Algorithm | ** Insecure Algorithm | ||
− | *** Use algorithms that are proven flawed or weak (DES, MD5) | + | *** Use algorithms that are proven flawed or weak (DES, 3DES, MD5, Sha1, AES, Blowfish, Diffie Hellman) |
*** Use non-standard (home-grown) algorithms | *** Use non-standard (home-grown) algorithms | ||
** Choose the wrong algorithm | ** Choose the wrong algorithm | ||
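Review bot: The changed line under "Insecure Algorithm" now lists AES and Diffie Hellman as "proven flawed or weak" next to DES and MD5, with no qualification. AES has no known practical break, and Diffie-Hellman is weak only when used with small or poorly chosen parameters, so the entry as written reads as advice to avoid both. Suggest limiting the parenthesis to algorithms that are deprecated in themselves (DES, 3DES, MD5, SHA-1), stating the reason if Blowfish stays (its 64-bit block size), moving parameter and mode concerns to "Inappropriate use of an algorithm", and writing "Sha1" as "SHA-1".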
Line 28: | Line 28: | ||
** Poor random number generators (c: rand(), Java: java.util.Random()) | ** Poor random number generators (c: rand(), Java: java.util.Random()) | ||
** Forget to seed the random number generator | ** Forget to seed the random number generator | ||
− | ** Use the same seed for the random number generator every time | + | ** Use the same seed for the random number generator every time |
+ | ** Sniffing | ||
[[Category:Vulnerability]] | [[Category:Vulnerability]] | ||
{{Template:Stub}} | {{Template:Stub}} |
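Review bot: The added "** Sniffing" item sits at the same level as the seeding entries, which makes it a Random Number Generator problem, and it is not one. A single word also does not say what is being sniffed or what the weakness is. If the intent is keys or plaintext captured in transit, that is already covered by "Keys not encrypted during storage or transmission" under Key disclosure; either move it there with a full description or drop it. The other changed line, "Use the same seed for the random number generator every time", differs only in whitespace and adds noise to the revision.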
Latest revision as of 16:15, 13 September 2010
This category is for tagging vulnerabilities that are related to cryptographic modules.
Examples
- Algorithm Problems
  - Insecure Algorithm
    - Use algorithms that are proven flawed or weak (DES, 3DES, MD5, SHA-1, AES, Blowfish, Diffie-Hellman)
    - Use non-standard (home-grown) algorithms
  - Choose the wrong algorithm
    - Use a hash function for encryption
    - Use an encryption algorithm for hashing
  - Inappropriate use of an algorithm
    - Use insecure encryption modes (DES ECB)
    - Initialization vector is not random
  - Implementation errors
    - Use non-standard cryptographic implementations/libraries
- Key Management Problems
  - Weak keys
    - Too short or not random enough
    - Use human-chosen passwords as cryptographic keys
  - Key disclosure
    - Keys not encrypted during storage or transmission
    - Keys not cleaned appropriately after use
    - Keys hard-coded in the code or stored in configuration files
  - Key updates
    - Allow keys to age
- Random Number Generator (RNG) Problems
  - Poor random number generators (C: rand(), Java: java.util.Random())
  - Forget to seed the random number generator
  - Use the same seed for the random number generator every time
  - Sniffing
Pages in category "Cryptographic Vulnerability"
The following 9 pages are in this category, out of 9 total.