Web Application Security Design Inspection Questions - Cryptography

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan


Cryptography Vulnerabilities

Vulnerability

Implications

Using custom cryptography

This is almost certainly less secure than the tried and tested platform-provided cryptography.

Using the wrong algorithm or too small a key size

Newer algorithms increase security. Larger key sizes increase security.

Failing to secure encryption keys

Encrypted data is only as secure as the encryption key.

Using the same key for a prolonged period of time

A static key is more likely to be discovered over time.


If your application uses cryptography to provide security, examine what it is used for and the way it is used. Table 5.7 shows the most common vulnerabilities relating to cryptography.

Review the following questions to help validate the handling of sensitive data by your application:

  • Why do you use particular algorithms?
  • How do you secure encryption keys?


Why do you use particular algorithms?

Cryptography only provides real security if it is used appropriately and the right algorithms are used for the right job. The strength of the algorithm is also important. Review the following questions to review your use of cryptographic algorithms:

  • Do you develop your own cryptography?

Do not. Cryptographic algorithms and routines are notoriously difficult to develop and get right. Custom implementations frequently result in weak protection and are almost always less secure than the proven platform-provided services.

  • Do you use the right algorithm with an adequate key size?

Examine what algorithms your application uses and for what purpose. Larger key sizes result in improved security, but performance suffers. Stronger encryption is most important for persisted data that is retained in data stores for prolonged periods of time.


How do you secure encryption keys?

The encrypted data is only as secure as the key. To decipher encrypted data, an attacker must be able to retrieve the key and the cipher text. Therefore, examine your design to ensure that the encryption keys and the encrypted data are secured. Consider the following review questions:

  • How do you secure the encryption key?

If you use DPAPI, the platform manages the key for you. Otherwise, the application is responsible for key management. Examine how your application secures its encryption keys. A good approach is to use DPAPI to encrypt the encryption keys that are required by other forms of encryption. Then securely store the encrypted key, for example, by placing it in the registry beneath a key configured with a restricted ACL.

  • How often are keys recycled?

Do not overuse keys. The longer the same key is used, the more likely it is to be discovered. Does your design consider how and how often you are going to recycle keys and how they are going to be distributed and installed on your servers?

Personal tools