[ https://issues.apache.org/jira/browse/DELTASPIKE-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yifan Xia updated DELTASPIKE-1474: ---------------------------------- Description: Hey everyone, I've got a question concerning the aesEncrypt method within org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt. This method employs a custom key derivation function: {code:java} private SecretKeySpec getSecretKeySpec(String password) { byte[] pwdHash = secureHash(password); byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" patch return new SecretKeySpec(key, "AES"); } {code} Here, the function hashes the provided password once to serve as the encryption key, without utilizing a standard pbkdf api. {code:java} protected byte[] c(String value) { try { MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM); return md.digest(value.getBytes(UTF_8)); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } {code} However, employing such a low iteration count might not suffice for contemporary encryption standards. For instance, RFC 8018 suggests a minimum of 1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. How about utilizing a standard PBKDF with a higher iteration count instead? Or we can simply use multi-round hash in the secureHash method For instance: {code:java} private SecretKeySpec getSecretKeySpec(String password, String salt) { int iterationCount = 10000; // Recommended: at least 10,000 iterations int keyLength = 128; // utilizing 128-bit AES KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), iterationCount, keyLength); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] key = factory.generateSecret(spec).getEncoded(); // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" patch return new SecretKeySpec(key, "AES"); } {code} [1]["PKCS #5: Password-Based Cryptography Specification, Version 2.0"| http://tools.ietf.org/html/rfc2898#section-5.2] [2] ["Password Storage Cheat Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2] was: Hey everyone, I've got a question concerning the aesEncrypt method within org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt. This method employs a custom key derivation function: ```java private SecretKeySpec getSecretKeySpec(String password) { byte[] pwdHash = secureHash(password); byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" patch return new SecretKeySpec(key, "AES"); } ``` Here, the function hashes the provided password once to serve as the encryption key, without utilizing a standard pbkdf api. ```java protected byte[] c(String value) { try { MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM); return md.digest(value.getBytes(UTF_8)); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } ``` However, employing such a low iteration count might not suffice for contemporary encryption standards. For instance, RFC 8018 suggests a minimum of 1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. How about utilizing a standard PBKDF with a higher iteration count instead? Or we can simply use multi-round hash in the secureHash method For instance: ```java private SecretKeySpec getSecretKeySpec(String password, String salt) { int iterationCount = 10000; // Recommended: at least 10,000 iterations int keyLength = 128; // utilizing 128-bit AES KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), iterationCount, keyLength); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); byte[] key = factory.generateSecret(spec).getEncoded(); // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" patch return new SecretKeySpec(key, "AES"); } ``` [1][ "PKCS #5: Password-Based Cryptography Specification, Version 2.0"|http://tools.ietf.org/html/rfc2898#section-5.2] [2] ["Password Storage Cheat Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2] > Inquiry Regarding Potential Inadequate Password-Based Encryption in > DefaultCipherService.aesEncrypt (DeltaSpike 1.9.4) > ---------------------------------------------------------------------------------------------------------------------- > > Key: DELTASPIKE-1474 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1474 > Project: DeltaSpike > Issue Type: Improvement > Security Level: public(Regular issues) > Reporter: Yifan Xia > Priority: Major > > Hey everyone, > I've got a question concerning the aesEncrypt method within > org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt. > This method employs a custom key derivation function: > {code:java} > private SecretKeySpec getSecretKeySpec(String password) > { > byte[] pwdHash = secureHash(password); > byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits > // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited > Crypto" patch > return new SecretKeySpec(key, "AES"); > } > {code} > Here, the function hashes the provided password once to serve as the > encryption key, without utilizing a standard pbkdf api. > {code:java} > protected byte[] c(String value) > { > try > { > MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM); > return md.digest(value.getBytes(UTF_8)); > } > catch (NoSuchAlgorithmException e) > { > throw new RuntimeException(e); > } > } > {code} > However, employing such a low iteration count might not suffice for > contemporary encryption standards. For instance, RFC 8018 suggests a minimum > of 1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 > iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. > How about utilizing a standard PBKDF with a higher iteration count instead? > Or we can simply use multi-round hash in the secureHash method > For instance: > {code:java} > private SecretKeySpec getSecretKeySpec(String password, String salt) > { > int iterationCount = 10000; // Recommended: at least 10,000 iterations > int keyLength = 128; // utilizing 128-bit AES > KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), > iterationCount, keyLength); > SecretKeyFactory factory = > SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); > byte[] key = factory.generateSecret(spec).getEncoded(); > // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited > Crypto" patch > return new SecretKeySpec(key, "AES"); > } > {code} > [1]["PKCS #5: Password-Based Cryptography Specification, Version 2.0"| > http://tools.ietf.org/html/rfc2898#section-5.2] > [2] ["Password Storage Cheat > Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2] -- This message was sent by Atlassian Jira (v8.20.10#820010)