Insecure Encryption Algorithm - DSA - Elixir

Insecure Encryption Algorithm - DSA - Elixir

Need

To secure the information transmitted between the client and the server using cryptographically secure algorithms.

Context

  • Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
  • Usage of Plug (1.11.1 and above) for building composable web applications in Elixir
  • Usage of Plug.Crypto for cryptographic operations (version 1.2.0 and above)

Description

Non compliant code

        defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:dsa, {1024, 160}, :sha)
    {:ok, cipher} = :crypto.block_encrypt(:des, key, data)
    {:ok, cipher}
  end
end
        
        

This code is vulnerable because it uses the DSA encryption algorithm which is considered insecure. It could allow an attacker to decrypt the information transmitted between the client and the server.

Steps

  • Replace the insecure DSA algorithm with a secure one like RSA or ECC.
  • Ensure to use the appropriate key length based on the encryption algorithm.

Compliant code

        defmodule MyApp.Encryption do
  def encrypt(data) do
    {:ok, key} = Plug.Crypto.KeyGenerator.generate(:rsa, :sha256)
    {:ok, cipher} = :crypto.block_encrypt(:aes, key, data)
    {:ok, cipher}
  end
end
        
        

In this secure code example, we've replaced the DSA encryption algorithm with RSA, which is considered secure. We've also switched the symmetric encryption algorithm from DES to AES.

References