Java Security

Security vulnerability issue caused by weaker algorithm

Ankit Bhatia, Sep 1 2021 — edited Sep 1 2021

Hi folks,
There's a piece of code written in our application that was flagged during security vulnerability testing; it's related to application security. It's totally Greek and Latin to me. Any help on what is to be done would be great.
Code:
-----------
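// "DESede" is Triple DES. No mode or padding is named here, so the JCE
// provider's default is used (ECB with PKCS5Padding on the default SunJCE provider).
private static String ALGORITHM = "DESede";

public static byte[] encryptByteArray(String input) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, NoSuchPaddingException {
    Key key = generateKey();  // generateKey() is not shown in the post
    Cipher cipher = Cipher.getInstance(ALGORITHM);
    cipher.init(Cipher.ENCRYPT_MODE, key);
    // getBytes() with no argument uses the platform default charset
    byte[] inputBytes = input.getBytes();
    inputBytes = cipher.doFinal(inputBytes);
    // Base64 is an encoding of the ciphertext, not an additional layer of protection
    return Base64.encodeBase64(inputBytes);
}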

Comments
--------------
Not implementing proper encryption leads to compromise of confidentiality.
1. Weak ciphers are generally known as encryption/decryption algorithms that use key sizes that are less than 128 bits and are vulnerable to most of the attacks.
2. Weak encoding algorithms are easy to decode.
