Usage of ECB Cipher Mode

Overview

Rule ID: Rule ID: java_lang_weak_encryption_ecb_mode
Applicable Languages: Java
Weakness ID: CWE-327

Description

The ECB (Electronic Codebook) cipher mode is considered insecure and should not be used in cryptographic protocols. It encrypts identical plaintext blocks into identical ciphertext blocks, making it susceptible to pattern analysis and inadequate for data protection. For stronger security, use encryption algorithms with built-in message integrity and no need for a configurable mode of operation, such as ChaCha20-Poly1305. For older applications that do not support these newer algorithms, AES-256-GCM is a recommended alternative.

Remediation Guidelines

Do choose ChaCha20-Poly1305 or AES-256-GCM for encryption. These algorithms include built-in message integrity, offering a more secure alternative to ECB mode.
```
Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of dangerous permissions NextUsage of External Input in Code Reflection

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration