codeql/csharp/ql/src/Security Features/Encryption using ECB.qhelp
Josh Soref 88408fbd59 spelling: ciphertext
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-11 00:23:36 -04:00

21 lines
654 B
XML

<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>ECB should not be used as a mode for encryption. It has dangerous weaknesses. Data is encrypted the same way every time,
meaning the same plaintext input will always produce the same ciphertext. This makes encrypted messages vulnerable
to replay attacks.</p>
</overview>
<recommendation>
<p>Use a different CipherMode.</p>
</recommendation>
<references>
<li>Wikipedia, Block cipher modes of operation, <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_.28ECB.29">Electronic codebook (ECB)</a>.</li>
</references>
</qhelp>
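
The weakness described in the overview, shown with the flagged setting beside a different `CipherMode`. This is an added example, not part of the qhelp file or the CodeQL project; the class name and sample message are constructed, and it assumes .NET 6 or later for `RandomNumberGenerator.GetBytes`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EcbVersusCbc
{
    // AES-encrypt `plaintext` in the requested mode. ECB takes no IV.
    static byte[] Encrypt(byte[] plaintext, byte[] key, CipherMode mode, byte[] iv = null)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.Mode = mode;
        aes.Padding = PaddingMode.PKCS7;
        if (mode != CipherMode.ECB) aes.IV = iv;
        using var encryptor = aes.CreateEncryptor();
        return encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    // True when the first two 16-byte ciphertext blocks are byte-for-byte equal.
    static bool FirstTwoBlocksEqual(byte[] ct) =>
        ct.Take(16).SequenceEqual(ct.Skip(16).Take(16));

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // AES-256 key
        // Constructed sample: the same 16-byte block twice.
        byte[] message = Encoding.ASCII.GetBytes("PAY 100 TO ALICEPAY 100 TO ALICE");

        // Flagged pattern: ECB encrypts every block the same way.
        byte[] ecb1 = Encrypt(message, key, CipherMode.ECB);
        byte[] ecb2 = Encrypt(message, key, CipherMode.ECB);
        Console.WriteLine($"ECB repeated blocks match: {FirstTwoBlocksEqual(ecb1)}");
        Console.WriteLine($"ECB same message, same ciphertext: {ecb1.SequenceEqual(ecb2)}");

        // A different CipherMode: CBC with a fresh random IV per message.
        byte[] cbc1 = Encrypt(message, key, CipherMode.CBC, RandomNumberGenerator.GetBytes(16));
        byte[] cbc2 = Encrypt(message, key, CipherMode.CBC, RandomNumberGenerator.GetBytes(16));
        Console.WriteLine($"CBC repeated blocks match: {FirstTwoBlocksEqual(cbc1)}");
        Console.WriteLine($"CBC same message, same ciphertext: {cbc1.SequenceEqual(cbc2)}");
    }
}
```

The IV must be stored or sent alongside the ciphertext so the receiver can decrypt. CBC removes the repetition but does not authenticate the ciphertext, so pair it with a MAC or use an authenticated cipher such as `AesGcm`.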