类型: 安全缺陷

    在安全性要求较高的系统中,使用不安全的加密算法(如 DES、RC4、RC5 等)将无法保证敏感数据的保密性。例如,DES 的有效密钥长度仅为 56 位,可以被穷举破解;应改用 AES 等经过充分验证的算法,并配合带认证的工作模式(如 GCM)。

    /*
     * Defective example: reads one line from standard input, encrypts it with DES
     * under a freshly generated key, and passes the result through IO.toHex to
     * IO.writeLine (project helpers that are not shown here).
     * NOTE(review): the generated key is not stored or returned in the lines shown,
     * so the output could not be decrypted later - confirm this is only a demo.
     */
    1. BufferedReader bufread2 = null;
    2. InputStreamReader inread2 = null;
    3. try {
    4. inread2 = new InputStreamReader(System.in); // no charset argument: the default charset is used
    5. bufread2 = new BufferedReader(inread2);
    6. String str = bufread2.readLine(); // readLine() returns null at end of input; str is not checked before listing line 11
    7. /* FLAW: Insecure cryptographic algorithm (DES).
          DES has a 56-bit effective key, which is small enough to be brute-forced.
          The bare transformation "DES" also leaves mode and padding to the provider
          default (ECB/PKCS5Padding on the standard SunJCE provider), so identical
          plaintext blocks encrypt to identical ciphertext blocks.
          Mitigation: use AES with an authenticated mode, e.g.
          Cipher.getInstance("AES/GCM/NoPadding") with a unique IV per encryption,
          and a KeyGenerator for "AES". */
    8. Cipher des = Cipher.getInstance("DES");
    9. SecretKey key = KeyGenerator.getInstance("DES").generateKey(); // fresh random DES key on every run
    10. des.init(Cipher.ENCRYPT_MODE, key);
    11. byte[] enc_str = des.doFinal(str.getBytes()); // getBytes() without a charset also uses the default charset
    12. IO.writeLine(IO.toHex(enc_str));
    13. } catch(IOException e) { // only IOException is handled; the checked GeneralSecurityException subclasses thrown by the Cipher/KeyGenerator calls are left to the enclosing method (not shown)
    14. log_bsnk.warning("Error reading from console");
    15. } finally{
    16. ... // elided in the original listing; presumably closes bufread2/inread2 - confirm
    17. }