Merge pull request #4256 from fatenhealy/Noblowfish

CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
2025-12-16 16:53:25 +01:00 · 2020-09-30 16:15:46 +02:00
parent d694777894 03d8fc7296
commit 32bf7d6bdf
2 changed files with 3 additions and 3 deletions
--- a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
+++ b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
@@ -33,7 +33,7 @@
               <code>pycrypto</code> you must specify the encryption
               algorithm to use. The first example uses DES, which is an
               older algorithm that is now considered weak. The second
-               example uses Blowfish, which is a stronger more modern algorithm.
+               example uses AES, which is a stronger modern algorithm.
          </p>

          <sample src="examples/broken_crypto.py" />
--- a/python/ql/src/Security/CWE-327/examples/broken_crypto.py
+++ b/python/ql/src/Security/CWE-327/examples/broken_crypto.py
@@ -1,4 +1,4 @@
-from Crypto.Cipher import DES, Blowfish
+from Crypto.Cipher import DES, AES

 cipher = DES.new(SECRET_KEY)

@@ -6,7 +6,7 @@ def send_encrypted(channel, message):
    channel.send(cipher.encrypt(message)) # BAD: weak encryption


-cipher = Blowfish.new(SECRET_KEY)
+cipher = AES.new(SECRET_KEY)

 def send_encrypted(channel, message):
    channel.send(cipher.encrypt(message)) # GOOD: strong encryption