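Key sizes that are too small for an HMAC are not robust against brute-force attacks. Even strong encryption algorithms are vulnerable to brute-force attacks when small key sizes are used. The examples below show the same problem for RSA key generation: a `modulusLength` of less than 2048 bits is noncompliant.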
/**
 * Noncompliant example: generates an RSA key pair whose modulus is too short.
 *
 * The key pair is requested synchronously with PEM encodings (SPKI for the
 * public key, passphrase-encrypted PKCS#8 for the private key). The result is
 * destructured and then discarded; the function returns nothing.
 *
 * Assumes `crypto` is Node's crypto module, brought into scope elsewhere in
 * the file.
 */
function cryptographicKeyGeneratorNoncompliant() {
  const publicKeyEncoding = { type: 'spki', format: 'pem' };
  const privateKeyEncoding = {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    // NOTE(review): the passphrase is a source literal only to keep the sample
    // self-contained; real code should obtain it from a secret store or the
    // environment rather than from source.
    passphrase: 'top secret',
  };
  const keyOptions = {
    // Noncompliant: 'modulusLength' is less than 2048 bits.
    modulusLength: 1024,
    publicKeyEncoding,
    privateKeyEncoding,
  };
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', keyOptions);
}
/**
 * Compliant example: generates an RSA key pair with a 2048-bit modulus.
 *
 * The key pair is requested synchronously with PEM encodings (SPKI for the
 * public key, passphrase-encrypted PKCS#8 for the private key). The result is
 * destructured and then discarded; the function returns nothing.
 *
 * Assumes `crypto` is Node's crypto module, brought into scope elsewhere in
 * the file.
 */
function cryptographicKeyGeneratorCompliant() {
  const publicKeyEncoding = { type: 'spki', format: 'pem' };
  const privateKeyEncoding = {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    // NOTE(review): the passphrase is a source literal only to keep the sample
    // self-contained; real code should obtain it from a secret store or the
    // environment rather than from source.
    passphrase: 'top secret',
  };
  const keyOptions = {
    // Compliant: 'modulusLength' is 2048 bits, the smallest size this rule
    // accepts; larger moduli also satisfy it.
    modulusLength: 2048,
    publicKeyEncoding,
    privateKeyEncoding,
  };
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', keyOptions);
}