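Keys that are too small for an HMAC are not robust against brute-force attacks. Even strong encryption algorithms are vulnerable to brute-force attacks when small key sizes are used. The examples below show the same issue for RSA key-pair generation: a 'modulusLength' below 2048 bits is noncompliant, and the compliant version uses 2048 bits.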
/**
 * Noncompliant example: generates an RSA key pair whose modulus is only
 * 1024 bits long.
 *
 * The weak size is kept on purpose to show the pattern to avoid. The
 * generated key pair is not returned or stored; the function returns nothing.
 */
function cryptographicKeyGeneratorNoncompliant() {
  const crypto = require("crypto");

  // Public half is exported as SPKI in PEM form.
  const publicKeyEncoding = { type: 'spki', format: 'pem' };

  // Private half is exported as PKCS#8 in PEM form, encrypted with
  // AES-256-CBC under the passphrase. The literal passphrase is an example
  // placeholder; real code should load it from a secret store, not source.
  const privateKeyEncoding = {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret',
  };

  const keyOptions = {
    // Noncompliant: 'modulusLength' is less than 2048 bits, so the private
    // key encryption above does not make up for the weak key itself.
    modulusLength: 1024,
    publicKeyEncoding,
    privateKeyEncoding,
  };

  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', keyOptions);
}
/**
 * Compliant example: generates an RSA key pair with a 2048-bit modulus.
 *
 * The generated key pair is not returned or stored; the function returns
 * nothing. 2048 bits is the minimum this example treats as compliant;
 * NIST SP 800-57 rates 2048-bit RSA at roughly 112 bits of security, so
 * long-lived keys are commonly generated at 3072 bits or more.
 */
function cryptographicKeyGeneratorCompliant() {
  const crypto = require("crypto");

  // Public half is exported as SPKI in PEM form.
  const publicKeyEncoding = { type: 'spki', format: 'pem' };

  // Private half is exported as PKCS#8 in PEM form, encrypted with
  // AES-256-CBC under the passphrase. The literal passphrase is an example
  // placeholder; real code should load it from a secret store, not source.
  const privateKeyEncoding = {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret',
  };

  const keyOptions = {
    // Compliant: 'modulusLength' is 2048 bits.
    modulusLength: 2048,
    publicKeyEncoding,
    privateKeyEncoding,
  };

  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', keyOptions);
}