Discussions
Categories
- 382.6K All Categories
- 2.1K Data
- 213 Big Data Appliance
- 1.9K Data Science
- 448.4K Databases
- 221.1K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 541 MySQL Community Space
- 469 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 500 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.3K SQL & PL/SQL
- 21.1K SQL Developer
- 293.9K Development
- 9 Developer Projects
- 130 Programming Languages
- 290.6K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 151 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 17 Java Essentials
- 146 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 201 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 296 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 168 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 234 Portuguese
Security vulnerability issue caused by weaker algorithm
Hi folks,
There's a piece of code written in our application and it was flagged during security vulnerability testing, it's related to application security. It's totally Greek and Latin to me, any help on what to be done, would be great?
Code:
-----------
private static String ALGORITHM = "DESede";
public static byte[] encryptByteArray(String input) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, NoSuchPaddingException {
Key key = generateKey();
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] inputBytes = input.getBytes();
inputBytes = cipher.doFinal(inputBytes);
return Base64.encodeBase64(inputBytes);
}
Comments
--------------
Not implementing proper encryption leads to compromise of confidentiality.
1. Weak ciphers are generally known as encryption/ decryption algorithms that use key sizes that are less than 128 bits and vulnerable to most of the attacks.
2. Weak encoding algorithms are easy to decode.