CWE-329 在CBC加密模式中未使用随机化IV向量
Not Using a Random IV with CBC Mode
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: Medium
基本描述
Not using a random initialization Vector (IV) with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 330 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 573 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Other'] | ['Read Application Data', 'Other'] | If the CBC is not properly initialized, data that is encrypted can be compromised and therefore be read. |
| Integrity | Modify Application Data | If the CBC is not properly initialized, encrypted data could be tampered with in transfer. |
| ['Access Control', 'Other'] | ['Bypass Protection Mechanism', 'Other'] | Cryptographic based authentication systems could be defeated. |
可能的缓解方案
Implementation
策略:
It is important to properly initialize CBC operating block ciphers or their utility is lost.
示例代码
例
In the following examples, CBC mode is used when encrypting data:
bad C
char key[EVP_MAX_KEY_LENGTH];
char iv[EVP_MAX_IV_LENGTH];
RAND_bytes(key, b);
memset(iv,0,EVP_MAX_IV_LENGTH);
EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);
bad Java
byte[] text ="Secret".getBytes();
byte[] iv ={
KeyGenerator kg = KeyGenerator.getInstance("DES");
kg.init(56);
SecretKey key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
IvParameterSpec ips = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, ips);
return cipher.doFinal(inpBytes);
In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | Not using a random IV with CBC mode |