cancel
Showing results for 
Search instead for 
Did you mean: 

Broken Cryptography

0 Kudos

Broken Cryptography

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.Attacker may be able to break the algorithm and compromise whatever data has been protected that may result in the exposure of sensitive information.

1.Do not develop custom or private cryptographic algorithms.

2.Ensure that you use a strong, modern cryptographic algorithm.

Use at least AES-128 or RSA-2048. For more information refer: http://wiki.scap.org.cn/cwe/en/definition/327

ex : $sha1Sum = sha1($contents);

 

$cacheKey = sha1($routePath . $this->serializer->serialize($cachedParams));

if (!isset($this->cacheUrl[$cacheKey])) { $this->cacheUrl[$cacheKey] = $this->getUrlModifier()->execute( $this->createUrl($routePath, $routeParams) ); }

in vendor\magento\framework\Url.php (Line:870) file, SHA1 used. We can use the modern crypto algorithm.

CWE Code : CWE-327

1 Comment
dedward147887c
Occasional Contributor

If you decided to know trading and mining processes, it's worth to learn more about it on some sources. In my opinion, I think you should read more information about crypto mining on this weblink https://tabtrader.com/articles/what-is-cryptocurrency-mining. Since I found this source, I acquired more knowledge about cryptocurrency mining process and I started to earn more and more ery day. I think you may also try to use it.