[jira] [Created] (DELTASPIKE-1474) Inquiry Regarding Potential Inadequate Password-Based Encryption in DefaultCipherService.aesEncrypt (DeltaSpike 1.9.4)

Wed, 24 Apr 2024 23:19:17 -0700 

Yifan Xia created DELTASPIKE-1474:
-------------------------------------

             Summary: Inquiry Regarding Potential Inadequate Password-Based 
Encryption in DefaultCipherService.aesEncrypt (DeltaSpike 1.9.4)
                 Key: DELTASPIKE-1474
                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1474
             Project: DeltaSpike
          Issue Type: Improvement
      Security Level: public (Regular issues)
            Reporter: Yifan Xia


Hey everyone,

I've got a question concerning the aesEncrypt method within 
org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt.

This method employs a custom key derivation function:

```java
private SecretKeySpec getSecretKeySpec(String password)
{
byte[] pwdHash = secureHash(password);
byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}
```

Here, the function hashes the provided password once to serve as the encryption 
key, without utilizing a standard pbkdf api.

```java
protected byte[] c(String value)
{
try
{
MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
return md.digest(value.getBytes(UTF_8));
}
catch (NoSuchAlgorithmException e)
{
throw new RuntimeException(e);
}
}
```

However, employing such a low iteration count might not suffice for 
contemporary encryption standards. For instance, RFC 8018 suggests a minimum of 
1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 
iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. 

How about utilizing a standard PBKDF with a higher iteration count instead?
Or we can simply use multi-round hash in the secureHash method

For instance:

```java
private SecretKeySpec getSecretKeySpec(String password, String salt)
{
int iterationCount = 10000; // Recommended: at least 10,000 iterations
int keyLength = 128; // utilizing 128-bit AES
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 
iterationCount, keyLength);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
byte[] key = factory.generateSecret(spec).getEncoded();
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}
```

[1][ "PKCS #5: Password-Based Cryptography Specification, Version 
2.0"|http://tools.ietf.org/html/rfc2898#section-5.2]
[2]  ["Password Storage Cheat 
Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2]





--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to