Cryptographic key generator High

Insufficient key sizes used for an HMAC are not robust against brute force attacks. Even strong encryption algorithms are vulnerable to brute force attacks when small key sizes are used.

Detector ID
typescript/cryptographic-key-generator@v1.0
Category
Common Weakness Enumeration (CWE) external icon

Noncompliant example

1function cryptographicKeyGeneratorNoncompliant()
2{
3  var object = {
4    // Noncompliant: 'modulusLength' is less than 2048 bits.
5    modulusLength: 1024,
6    publicKeyEncoding: {
7      type: 'spki',
8      format: 'pem'
9    },
10    privateKeyEncoding: {
11      type: 'pkcs8',
12      format: 'pem',
13      cipher: 'aes-256-cbc',
14      passphrase: 'top secret'
15    }
16  }
17  var { publicKey, privateKey} = crypto.generateKeyPairSync('rsa',object)
18}

Compliant example

1function cryptographicKeyGeneratorCompliant()
2{
3  var object = {
4    // Compliant: 'modulusLength' is 2048 bits.
5    modulusLength: 2048,
6    publicKeyEncoding: {
7      type: 'spki',
8      format: 'pem'
9    },
10    privateKeyEncoding: {
11      type: 'pkcs8',
12      format: 'pem',
13      cipher: 'aes-256-cbc',
14      passphrase: 'top secret'
15    }
16  }
17  var { publicKey, privateKey} = crypto.generateKeyPairSync('rsa', object)
18}