Use of insecure cipher modePTC-W1005
cwe, a02, a06, cwe-327, owasp-top-10
Use of insecure cipher mode such as ECB
is not recommended for use in cryptographic protocols because it is semantically insecure.
A block cipher uses a symmetric key to encrypt data in groups (blocks) of a pre-determined size (128 bits, 256 bits, etc). When dealing with data of arbitrary length, the cipher must be combined with a mode of operation.
When ECB
mode is used, a message is divided into blocks. Each block of plaintext is encrypted independently of any other block.
ECB
encrypts identical plaintext blocks into identical ciphertext blocks. This is a problem because it will reveal if the same messages blocks are encrypted multiple times.
Using ECB
allows an attacker to:
- Detect if two encrypted messages are identical.
- Detect if a block contains repetitive data.
- Detect if encrypted messages share a common prefix.
It is recommended to use any other mode besides ECB
.
Bad practice
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
cipher = Cipher(algorithms.AES(key), modes.ECB())
Recommended
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
References:
- ECB mode
- Read more about different cipher modes here -- https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/#module-cryptography.hazmat.primitives.ciphers.modes
- Stack overflow - Why not to use ECB
- OWASP Top 10 2021 Category A02 - Cryptographic Failures
- OWASP Top 10 2021 Category A06 - Vulnerable and Outdated Components
- CWE 327 - Use of a Broken or Risky Cryptographic Algorithm