To perform secure cryptography, the operation mode and padding scheme are essential and should be chosen correctly for the encryption algorithm:
- For block cipher encryption algorithms (like AES), the GCM (Galois/Counter Mode) mode, which works internally with no padding scheme, is recommended. Conversely, these modes and/or schemes are highly discouraged:
  - Electronic Codebook (ECB) mode is vulnerable because it doesn't provide serious message confidentiality: under a given key, any given plaintext block always gets encrypted to the same ciphertext block.
  - Cipher Block Chaining (CBC) with PKCS#5 padding (or PKCS#7) is vulnerable to padding oracle attacks.
- The RSA encryption algorithm should be used with the recommended padding scheme (OAEP).
Noncompliant Code Example
crypto built-in module:
const crypto = require("crypto");
const key = crypto.randomBytes(16), iv = crypto.randomBytes(16); // 128-bit key and IV for AES-128
crypto.createCipheriv("AES-128-CBC", key, iv); // Noncompliant: CBC with PKCS5/7 padding (set by default) is vulnerable to padding oracle attacks
crypto.createCipheriv("AES-128-ECB", key, ""); // Noncompliant: ECB doesn't provide serious message confidentiality
Compliant Solution
crypto built-in module:
const crypto = require("crypto"); const key = crypto.randomBytes(32), iv = crypto.randomBytes(12); // 256-bit key, 96-bit IV (unique per message)
crypto.createCipheriv("AES-256-GCM", key, iv); // Compliant: authenticated encryption, no padding involved
See