gitlab.find_sec_bugs.BLOWFISH_KEY_SIZE-1
A small key size makes the ciphertext vulnerable to brute force attacks. At least 128 bits of entropy should be used when generating the key if use of Blowfish is required.
Definition
rules:
- id: find_sec_bugs.BLOWFISH_KEY_SIZE-1
  patterns:
  - pattern-inside: |
      $KEYGEN = javax.crypto.KeyGenerator.getInstance("Blowfish", ...);
      ...
      $KEYGEN.init($KEY_SIZE);
  - metavariable-comparison:
      metavariable: $KEY_SIZE
      comparison: $KEY_SIZE < 128
  message: >
    A small key size makes the ciphertext vulnerable to brute force attacks.
    At least 128 bits of entropy should be used when generating the key if
    use of Blowfish is required.
  languages:
  - java
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-326: Inadequate Encryption Strength"
    technology:
    - java
    primary_identifier: find_sec_bugs.BLOWFISH_KEY_SIZE-1
    secondary_identifiers:
    - name: Find Security Bugs-BLOWFISH_KEY_SIZE
      type: find_sec_bugs_type
      value: BLOWFISH_KEY_SIZE
    license: MIT
Short Link: https://sg.run/NjB1
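
The call sequence the rule's pattern describes, next to a version that meets the 128-bit minimum and a runtime guard for sizes that are not literals in the source. This is an added example, not code from the rule's registry page or from Find Security Bugs; the class and method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Hypothetical class used only to illustrate the rule.
public class BlowfishKeySizeExample {

    // Flagged: KeyGenerator.getInstance("Blowfish") followed by init()
    // with a literal key size below 128 ($KEY_SIZE < 128).
    static SecretKey weakKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance("Blowfish");
        keyGen.init(64);
        return keyGen.generateKey();
    }

    // Not flagged: the key size meets the 128-bit minimum from the message.
    static SecretKey acceptableKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance("Blowfish");
        keyGen.init(128);
        return keyGen.generateKey();
    }

    // A size that is only known at run time (configuration, user input) is
    // not a value the static comparison can evaluate, so enforce the same
    // minimum in code. The JDK Blowfish generator accepts 32 to 448 bits in
    // multiples of 8; this guard narrows that range to 128 to 448.
    static SecretKey keyOfSize(int bits) throws NoSuchAlgorithmException {
        if (bits < 128 || bits > 448 || bits % 8 != 0) {
            throw new IllegalArgumentException(
                "Blowfish key size must be 128-448 bits in multiples of 8, got " + bits);
        }
        KeyGenerator keyGen = KeyGenerator.getInstance("Blowfish");
        keyGen.init(bits);
        return keyGen.generateKey();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("weak key bits:       " + weakKey().getEncoded().length * 8);
        System.out.println("acceptable key bits: " + acceptableKey().getEncoded().length * 8);
        System.out.println("guarded key bits:    " + keyOfSize(256).getEncoded().length * 8);
        try {
            keyOfSize(64); // rejected by the guard before any key is generated
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```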