[
https://issues.apache.org/jira/browse/CB-12447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kerri Shotts closed CB-12447.
-----------------------------
Resolution: Invalid
> Inadequate Encryption Strength
> ------------------------------
>
> Key: CB-12447
> URL: https://issues.apache.org/jira/browse/CB-12447
> Project: Apache Cordova
> Issue Type: Bug
> Reporter: Sahil
>
> We are using Cordova for our android hybrid app and following is the result
> for the VARACODE static scan
> Attack Vector: javax.crypto.spec.PBEKeySpec.!operator_javanewinit
> Description: This call to
> javax.crypto.spec.PBEKeySpec.!operator_javanewinit() uses fewer than 1000
> iterations for PBE key generation. RFC 2898 recommends at least 1000
> iterations because a higher iteration count increases the computational cost
> of a dictionary attack.
> Remediation: Use a minimum of 1000 iterations.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
