-
Notifications
You must be signed in to change notification settings - Fork 1.5k
/
broken_crypto.rb
107 lines (84 loc) · 3.03 KB
/
broken_crypto.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
require 'openssl'
# BAD: creating a cipher using a weak scheme
weak = OpenSSL::Cipher.new('des3')
weak.encrypt
weak.random_key
# BAD: encrypting data using a weak cipher
weak.update('foo')
weak.final
# BAD: creating a cipher using a weak block mode
weak = OpenSSL::Cipher::AES.new(128, 'ecb')
weak.encrypt
weak.random_key
# BAD: encrypting data using a weak block mode
weak.update('foo')
weak.final
# GOOD: creating a cipher using a strong scheme
strong = OpenSSL::Cipher.new('blowfish')
strong.encrypt
strong.random_key
# GOOD: encrypting data using a strong cipher
strong.update('bar')
strong.final
# BAD: weak block mode
OpenSSL::Cipher::AES.new(128, :ecb)
# GOOD: strong encryption algorithm
OpenSSL::Cipher::AES.new(128, 'cbc')
# GOOD: strong encryption algorithm
OpenSSL::Cipher::AES.new('128-cbc')
# GOOD: strong encryption algorithm
OpenSSL::Cipher::AES128.new
# BAD: weak block mode
OpenSSL::Cipher::AES128.new 'ecb'
# GOOD: strong encryption algorithm
OpenSSL::Cipher::AES192.new
# BAD: weak block mode
OpenSSL::Cipher::AES192.new 'ecb'
# GOOD: strong encryption algorithm
OpenSSL::Cipher::AES256.new
# BAD: weak block mode
OpenSSL::Cipher::AES256.new 'ecb'
# GOOD: strong encryption algorithm
OpenSSL::Cipher::BF.new
# BAD: weak block mode
OpenSSL::Cipher::BF.new 'ecb'
# GOOD: strong encryption algorithm
OpenSSL::Cipher::CAST5.new
# BAD: weak block mode
OpenSSL::Cipher::CAST5.new 'ecb'
# BAD: weak encryption algorithm
OpenSSL::Cipher::DES.new
# BAD: weak encryption algorithm
OpenSSL::Cipher::DES.new 'cbc'
# GOOD: strong encryption algorithm
OpenSSL::Cipher::IDEA.new
# BAD: weak block mode
OpenSSL::Cipher::IDEA.new 'ecb'
# BAD: weak encryption algorithm
OpenSSL::Cipher::RC2.new
# BAD: weak encryption algorithm
OpenSSL::Cipher::RC2.new 'ecb'
# BAD: weak encryption algorithm
OpenSSL::Cipher::RC4.new
# BAD: weak encryption algorithm
OpenSSL::Cipher::RC4.new '40'
# BAD: weak encryption algorithm
OpenSSL::Cipher::RC4.new 'hmac-md5'
Digest::MD5.hexdigest('foo') # OK: don't report hash algorithm even if it is weak
Digest::SHA256.hexdigest('foo') # GOOD: strong hash algorithm
Digest::MD5.base64digest('foo') # OK: don't report hash algorithm even if it is weak
md5 = Digest::MD5.new
md5.digest 'message' # OK: don't report hash algorithm even if it is weak
md5.update 'message1' # # OK: don't report hash algorithm even if it is weak
md5 << 'message2' # << is an alias for update
sha256 = Digest::SHA256.new
sha256.digest 'message' # GOOD: strong hash algorithm
Digest::MD5.bubblebabble 'message' # OK: don't report hash algorithm even if it is weak
filemd5 = Digest::MD5.file 'testfile' # OK: don't report hash algorithm even if it is weak
filemd5.hexdigest
Digest("MD5").hexdigest('foo') # OK: don't report hash algorithm even if it is weak
sha1 = OpenSSL::Digest.new('SHA1')
sha1.digest 'message' # OK: don't report hash algorithm even if it is weak
sha1 << 'message' # << is an alias for update
OpenSSL::Digest.digest('SHA1', "abc") # OK: don't report hash algorithm even if it is weak
OpenSSL::Digest.digest('SHA3-512', "abc") # GOOD: strong hash algorithm