Weak Algorithm
What is mean by a weak algorithm?
The encryption or hashing algorithm that we thought secure can be breakable. Also, we can say, that incorrect use of encryption algorithm also makes it weak.
The weak algorithms.
- AES-128
- java.util.Random
- ThreadLocalRandom
- MD5 Message-Digest
AES-128
AES-128(Advanced Encryption Standard ) encryption also known by its original name Rijndael is a symmetric block cipher.
What is encryption?
Transform a plaintext into ciphertext with the use of an algorithm and key is called encryption. If the same key is used then ciphertext will be the same as given plaintext.
What will be the problem in AES-128?
For the 128-bit size key, AES uses ten rounds of substitution-permutation to transform plaintext into ciphertext. It can be brute-forced.
Alternate for AES-128?: AES-256
EAR uses AES 256 standard with AES/CBC/PKCS5Padding mode for DB encryption. For the 256-bit size key, AES uses 14 rounds of substitution-permutation to transform plaintext into ciphertext. This is more resistant to attack like brute force.
Java.util.Random
Random class is not cryptographically strong. To generate a random number this class using a simple definite mathematical algorithm. The Random class uses 48-bit seeds. So, the chances of repeated numbers are high. For a random password or random keys, it is not safe to use this class.
ThreadLocalRandom
This random number generator is isolated to the present thread. Like the global Random generator employed by the maths class
Alternate for Random and ThreadLocalRandom : SecureRandom
SecureRandom provides a cryptographically strong random number generator.
MD5 Message-Digest
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. Cryptographically broken and unsuitable for further use. MD5 is prone to length extension attacks. For sensitive information, we should use this.
Alternate for Message-Digest: AES-256
Reference
https://www.synopsys.com/glossary/what-is-cryptography.html
https://www.ubiqsecurity.com/blog/128bit-or-256bit-encryption-which-to-use/