S6 Basic Cryptography (quick security guide)
This chapter covers the solutions for secure cryptography at rest, i.e. everything related to cryptography that is not about TLS and transport protection.
All cryptographic modules fail securely, and errors are handled in a way that does not enable padding oracle attacks.
Purpose: The opposite of fail secure is fail open, meaning that the attacker gains something from the failure of some cryptographic functionality. A famous example of a big security flaw is the padding oracle attack on symmetric ciphers working in CBC mode. The only reason this attack was possible was that the data decryption mechanism threw two different exceptions: one when the padding was incorrect and another when the MAC was incorrect. This was a very small coding issue that led to the failure of the whole cryptosystem.
Solution: Honestly, if you deal with crypto on a level that requires you to think about padding oracle attacks and similar, then you are most likely doing something wrong. If you need to encrypt/decrypt data at the code level, use the Spring Security functionality to do so; it is a higher abstraction layer than the JCA/JCE libraries and is less prone to coding errors.
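The following is an added example, not code from the guide, that shows what "fail securely" looks like with the Spring Security approach recommended above. It uses the real spring-security-crypto API (Encryptors.stronger, KeyGenerators.string); the class name, the password source and the Optional-based error contract are assumptions for the illustration. Because Encryptors.stronger selects AES-GCM, there is no CBC padding to probe, and every decryption failure is collapsed into one indistinguishable outcome so the caller (and an attacker) learns nothing beyond "it failed".

```java
import org.springframework.security.crypto.encrypt.BytesEncryptor;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.keygen.KeyGenerators;

import java.nio.charset.StandardCharsets;
import java.util.Optional;

/** Added example (not from the guide): AES-GCM via Spring Security with a fail-closed decrypt. */
public final class AtRestCrypto {

    private final BytesEncryptor encryptor;

    /**
     * password: a secret taken from your vault/config (assumption for this example);
     * hexSalt: a hex-encoded salt that is stored next to the ciphertext.
     */
    public AtRestCrypto(CharSequence password, CharSequence hexSalt) {
        // "stronger" = AES-256/GCM with a PBKDF2-derived key and a random IV per message.
        // GCM authenticates the ciphertext, so there is no CBC padding an oracle could be built on.
        this.encryptor = Encryptors.stronger(password, hexSalt);
    }

    public byte[] encrypt(String plaintext) {
        return encryptor.encrypt(plaintext.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Fail secure: a tampered ciphertext, a wrong key or a truncated input all end in the
     * same empty result. No exception type, message or timing hint distinguishes the causes.
     */
    public Optional<String> decrypt(byte[] ciphertext) {
        try {
            return Optional.of(new String(encryptor.decrypt(ciphertext), StandardCharsets.UTF_8));
        } catch (RuntimeException e) {
            // spring-security-crypto wraps JCE failures in IllegalStateException.
            // Do not forward e.getMessage() to the client; record a fixed audit event instead.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Random hex salt; persist it alongside the data so the same key can be derived later.
        String hexSalt = KeyGenerators.string().generateKey();
        AtRestCrypto crypto = new AtRestCrypto("change-me-load-from-vault", hexSalt);

        byte[] ct = crypto.encrypt("account balance: 42");
        System.out.println(crypto.decrypt(ct).orElse("<failed>"));

        ct[ct.length - 1] ^= 0x01; // flip one bit inside the GCM authentication tag
        System.out.println(crypto.decrypt(ct).orElse("<failed>"));
    }
}
```

The first decrypt returns the original text; the second returns the empty Optional, because GCM tag verification rejects the modified message before any plaintext is released. The point of the single catch block is that callers cannot tell a bad tag from a wrong key or a malformed blob, which is exactly the property the padding oracle attack exploited the absence of.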
Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.
Purpose: FIPS 140-2 is a US government standard for cryptographic modules. Using only FIPS-approved libraries raises the confidence that the crypto is working correctly.
Solution: FIPS-compliant libraries for Java are rather expensive tools that you buy from big market players, with one exception: Bouncy Castle, which is free, certified and available to all.
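As an added example that is not part of the guide, this is how an application can pin its JCA lookups to the Bouncy Castle FIPS provider (artifact bc-fips, provider name "BCFIPS") and verify at startup that it really is the one answering, rather than silently falling back to the JDK default. The provider class, CryptoServicesRegistrar and the "BCFIPS" name are the real Bouncy Castle FIPS API; the class name and the startup check itself are assumptions for this illustration.

```java
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Added example (not from the guide): register BC FIPS once and refuse any other provider. */
public final class FipsProviderCheck {

    public static final String PROVIDER = "BCFIPS";

    /** Register the provider once at startup and switch to approved-only mode. */
    public static void install() {
        if (Security.getProvider(PROVIDER) == null) {
            Security.addProvider(new BouncyCastleFipsProvider());
        }
        // In approved-only mode non-FIPS algorithms are rejected instead of quietly used.
        // Note: the setting is thread-local, so call this on the threads that do crypto.
        CryptoServicesRegistrar.setApprovedOnlyMode(true);
    }

    /**
     * Ask for the cipher from BCFIPS explicitly. A missing or misnamed provider throws here,
     * which is the fail-secure behaviour we want, instead of the JDK's default provider stepping in.
     */
    public static Cipher aesGcm() throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", PROVIDER);
        Provider p = cipher.getProvider();
        if (!PROVIDER.equals(p.getName())) {
            throw new IllegalStateException("unexpected JCA provider: " + p.getName());
        }
        return cipher;
    }

    public static void main(String[] args) throws Exception {
        install();
        System.out.println("approved-only mode: " + CryptoServicesRegistrar.isInApprovedOnlyMode());
        System.out.println("AES/GCM served by: " + aesGcm().getProvider().getName());
    }
}
```

Passing the provider name to Cipher.getInstance is the important part: without it, the JCA picks the first registered provider that offers the algorithm, so a FIPS jar on the classpath proves nothing about which implementation the application actually runs.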
This documentation is licensed under TODO License (CC-ND?, proprietary license?)