search
HomeOperation and MaintenanceSafetyHow to avoid weak encryption in C language
How to avoid weak encryption in C languageMay 16, 2023 am 08:19 AM
c language

1. Weak Encryption

Encryption refers to using a special algorithm to change the original information data, so that even if unauthorized users obtain the encrypted information, they will not know the information. The method of decryption still cannot understand the content of the message. Common encryption algorithms can be mainly divided into: symmetric encryption, asymmetric encryption, and one-way encryption. Various encryption algorithms are used in different scenarios. Choose the appropriate algorithm based on the characteristics of the encryption algorithm, such as computing speed, security, and key management methods. However, security is an important indicator to measure the quality of the encryption algorithm. Encryption that is easily cracked Algorithms are called weak encryption algorithms, such as the DES algorithm that can be cracked in a limited time using exhaustive methods. This article takes the JAVA language source code as an example to analyze the causes of weak encryption and how to repair it.

2. The dangers of weak encryption

For encryption algorithms that are weak in attack resistance, once exploited, personal privacy information may be leaked and even property losses may occur. From January 2018 to April 2019, there were a total of 2 vulnerability information related to it in CVE. The vulnerability information is as follows:

##CVEVulnerability OverviewCVE-2018-9028Weak encryption is used when transmitting passwords in CA Privileged AccessManager 2.x, which reduces the complexity of password cracking. CVE-2018-6619 In Easy Hosting Control Panel (EHCP) v0.37.12.b, it makes it easier for attackers to Crack database password.

3. Sample code

The sample code used below comes from Benchmark (https://www.owasp.org/index .php/Benchmark), source file name: BenchmarkTest00019.java.

3.1 Defect code

How to avoid weak encryption in C language

The above example code operation is to read the content in the request and encrypt it, in Chapter 49 Line gets the instance of reading the configuration file

benchmarkprops. Load the configuration file on line 50, and read the attribute cryptoAlg1 in the configuration file on lines 52 to 53. If there is no such attribute, the default is to use DESede/ECB/PKCS5Padding to algorithm Assignment. Line 54 will use algorithm as the encryption algorithm to construct the encryption object c. Next prepare the encrypted password. Lines 57~58 instantiate a key generator for the DES encryption algorithm. Line 59 specifies that the operation mode of encryption object c is encryption, where key is the key. Lines 62 to 76 convert the input stream in the request into a byte array input, and line 77 encrypts the input. The encryption result is a byte array result. The key generated using the DES algorithm is short, only 56 bits, and the operation speed is slow. Moreover, the DES algorithm completely relies on the key and is vulnerable to exhaustive search attacks.

Use Code Guard to detect the above sample code. You can detect the "weak encryption" defect, and the display level is medium. The defect is reported in line 57 of the code, as shown in Figure 1:

How to avoid weak encryption in C language

Figure 1: Weak encryption detection example

3.2 Repair Code

How to avoid weak encryption in C language

#In the above repair code, line 58 uses the AES algorithm instead of the DES algorithm. AES can generate a key of at least 128 bits and up to 256 bits, and The operation speed is fast and the memory usage is low.

Use Code Guard to detect the repaired code, and you can see that there is no "weak encryption" defect. As shown in Figure 2:

How to avoid weak encryption in C language
##Figure 2: Detection results after repair

4. How to avoid weak encryption

In systems with high security requirements, it is recommended to use secure encryption algorithms (such as AES, RSA) to encrypt sensitive data.

The above is the detailed content of How to avoid weak encryption in C language. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete
(超详细)VScode中配置C语言环境的方法(超详细)VScode中配置C语言环境的方法Dec 05, 2022 pm 07:05 PM

VScode中怎么配置C语言环境?下面本篇文章给大家介绍一下VScode配置C语言环境的方法(超详细),希望对大家有所帮助!

c语言中node是什么意思c语言中node是什么意思Jul 06, 2022 pm 03:51 PM

在C语言中,node是用于定义链表结点的名称,通常在数据结构中用作结点的类型名,语法为“struct Node{...};”;结构和类在定义出名称以后,直接用该名称就可以定义对象,C语言中还存在“Node * a”和“Node* &a”。

c语言开根号运算符是什么c语言开根号运算符是什么Mar 06, 2023 pm 02:39 PM

在c语言中,没有开根号运算符,开根号使用的是内置函数“sqrt()”,使用语法“sqrt(数值x)”;例如“sqrt(4)”,就是对4进行平方根运算,结果为2。sqrt()是c语言内置的开根号运算函数,其运算结果是函数变量的算术平方根;该函数既不能运算负数值,也不能输出虚数结果。

c语言怎么将数字转换成字符串c语言怎么将数字转换成字符串Jan 04, 2023 pm 03:20 PM

c语言将数字转换成字符串的方法:1、ascii码操作,在原数字的基础上加“0x30”,语法“数字+0x30”,会存储数字对应的字符ascii码;2、使用itoa(),可以把整型数转换成字符串,语法“itoa(number1,string,数字);”;3、使用sprintf(),可以能够根据指定的需求,格式化内容,存储至指针指向的字符串。

c语言数组如何初始化c语言数组如何初始化Jan 04, 2023 pm 03:36 PM

C语言数组初始化的三种方式:1、在定义时直接赋值,语法“数据类型 arrayName[index] = {值};”;2、利用for循环初始化,语法“for (int i=0;i<3;i++) {arr[i] = i;}”;3、使用memset()函数初始化,语法“memset(arr, 0, sizeof(int) * 3)”。

c语言合法标识符的要求是什么c语言合法标识符的要求是什么Aug 27, 2020 pm 01:47 PM

c语言合法标识符的要求是:1、标识符只能由字母(A~Z, a~z)、数字(0~9)和下划线(_)组成;2、第一个字符必须是字母或下划线,不能是数字;3、标识符中的大小写字母是有区别的,代表不同含义;4、标识符不能是关键字。

c语言中源文件编译后生成什么文件c语言中源文件编译后生成什么文件Nov 23, 2022 pm 07:44 PM

c语言编译后生成“.OBJ”的二进制文件(目标文件)。在C语言中,源程序(.c文件)经过编译程序编译之后,会生成一个后缀为“.OBJ”的二进制文件(称为目标文件);最后还要由称为“连接程序”(Link)的软件,把此“.OBJ”文件与c语言提供的各种库函数连接在一起,生成一个后缀“.EXE”的可执行文件。

c语言怎么计算n的阶乘c语言怎么计算n的阶乘Jan 04, 2023 pm 03:18 PM

c语言计算n的阶乘的方法:1、通过for循环计算阶乘,代码如“for (i = 1; i <= n; i++){fact *= i;}”;2、通过while循环计算阶乘,代码如“while (i <= n){fact *= i;i++;}”;3、通过递归方式计算阶乘,代码如“ int Fact(int n){int res = n;if (n > 1)res...”。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

Safe Exam Browser

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!