
Pascal : Unsafe padding

Overview

The application uses an encryption algorithm with incorrect padding, which significantly weakens the encryption.

For asymmetric encryption, do not use the RSA encryption algorithm without OAEP. OAEP preprocesses a message before RSA is applied: the message is padded to a fixed length using OAEP and then encrypted using RSA. This encryption scheme is called RSA-OAEP.

For symmetric encryption, the preferred method of padding blocks is PKCS7; PKCS5 can also be used. Using a padding method whose block size does not suit the cipher is unsafe.
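The block-size point above, as an added example that is not part of the original page: PKCS7 padding with strict validation, and a check showing that padding computed for an 8-byte block (the size PKCS5 is defined for) does not fit a 16-byte AES block. It is written in Python with the standard library only for illustration; the function and constant names are assumptions, and the message is a constructed sample.

```python
# Added illustration: PKCS#7 padding with strict validation (standard library only).
AES_BLOCK = 16   # AES block size in bytes
DES_BLOCK = 8    # block size that PKCS#5 padding is defined for


def pkcs7_pad(data: bytes, block_size: int) -> bytes:
    """Append N bytes of value N so the length is a multiple of block_size."""
    if not 1 <= block_size <= 255:
        raise ValueError("PKCS#7 supports block sizes 1..255")
    n = block_size - (len(data) % block_size)   # always 1..block_size
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block_size: int) -> bytes:
    """Strip padding, rejecting anything that is not well-formed PKCS#7."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size:
        raise ValueError("invalid padding length byte")
    if padded[-n:] != bytes([n]) * n:
        raise ValueError("inconsistent padding bytes")
    return padded[:-n]


def fits_cipher(padded: bytes, cipher_block: int) -> bool:
    """True if the padded data can be fed to a cipher with this block size."""
    return len(padded) % cipher_block == 0


if __name__ == "__main__":
    msg = b"id=7"                            # constructed 4-byte sample
    good = pkcs7_pad(msg, AES_BLOCK)         # padded for a 16-byte block
    bad = pkcs7_pad(msg, DES_BLOCK)          # 8-byte padding reused with AES
    print(len(good), fits_cipher(good, AES_BLOCK))
    print(len(bad), fits_cipher(bad, AES_BLOCK))
    print(pkcs7_unpad(good, AES_BLOCK) == msg)
```

A message that is already block-aligned still receives a full block of padding, which is what lets the unpadding step stay unambiguous.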

To protect valuable data, use well-tested implementations of standard encryption algorithms with sufficiently long keys.

Insufficient Cryptography vulnerabilities rank fifth in the “OWASP Top 10 2016” ranking of mobile application vulnerabilities.

CRITICAL

DerScanner Severity Score

