[jira] [Updated] (DELTASPIKE-1474) Inquiry Regarding Potential Inadequate Password-Based Encryption in DefaultCipherService.aesEncrypt (DeltaSpike 1.9.4)

[Yifan Xia (Jira)]

     [ 
https://issues.apache.org/jira/browse/DELTASPIKE-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yifan Xia updated DELTASPIKE-1474:
----------------------------------
    Description: 
Hey everyone,

I've got a question concerning the aesEncrypt method within 
org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt.

This method employs a custom key derivation function:
{code:java}
private SecretKeySpec getSecretKeySpec(String password)
{
byte[] pwdHash = secureHash(password);
byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}
{code}
Here, the function hashes the provided password once to serve as the encryption 
key, without utilizing a standard pbkdf api.
{code:java}
protected byte[] secureHash(String value)
{
try
{
MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
return md.digest(value.getBytes(UTF_8));
}
catch (NoSuchAlgorithmException e)
{
throw new RuntimeException(e);
}
}
{code}
However, employing such a low iteration count might not suffice for 
contemporary encryption standards. For instance, RFC 8018 suggests a minimum of 
1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 
iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. 

How about utilizing a standard PBKDF with a higher iteration count instead?
Or we can simply use multi-round hash in the secureHash method for better 
security

For instance:
{code:java}
private SecretKeySpec getSecretKeySpec(String password, String salt)
{
int iterationCount = 10000; // Recommended: at least 10,000 iterations
int keyLength = 128; // utilizing 128-bit AES
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 
iterationCount, keyLength);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
byte[] key = factory.generateSecret(spec).getEncoded();
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}

{code}
[1]["PKCS #5: Password-Based Cryptography Specification, Version 
2.0"|http://tools.ietf.org/html/rfc2898#section-5.2]
[2] ["Password Storage Cheat 
Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2]

  was:
Hey everyone,

I've got a question concerning the aesEncrypt method within 
org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt.

This method employs a custom key derivation function:
{code:java}
private SecretKeySpec getSecretKeySpec(String password)
{
byte[] pwdHash = secureHash(password);
byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}
{code}
Here, the function hashes the provided password once to serve as the encryption 
key, without utilizing a standard pbkdf api.
{code:java}
protected byte[] c(String value)
{
try
{
MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
return md.digest(value.getBytes(UTF_8));
}
catch (NoSuchAlgorithmException e)
{
throw new RuntimeException(e);
}
}
{code}
However, employing such a low iteration count might not suffice for 
contemporary encryption standards. For instance, RFC 8018 suggests a minimum of 
1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 
iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. 

How about utilizing a standard PBKDF with a higher iteration count instead?
Or we can simply use multi-round hash in the secureHash method for better 
security

For instance:
{code:java}
private SecretKeySpec getSecretKeySpec(String password, String salt)
{
int iterationCount = 10000; // Recommended: at least 10,000 iterations
int keyLength = 128; // utilizing 128-bit AES
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 
iterationCount, keyLength);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
byte[] key = factory.generateSecret(spec).getEncoded();
// Note: utilizing 128-bit AES avoids the necessity for the "Unlimited Crypto" 
patch
return new SecretKeySpec(key, "AES");
}

{code}
[1]["PKCS #5: Password-Based Cryptography Specification, Version 
2.0"|http://tools.ietf.org/html/rfc2898#section-5.2]
[2] ["Password Storage Cheat 
Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2]


> Inquiry Regarding Potential Inadequate Password-Based Encryption in 
> DefaultCipherService.aesEncrypt (DeltaSpike 1.9.4)
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: DELTASPIKE-1474
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1474
>             Project: DeltaSpike
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>            Reporter: Yifan Xia
>            Priority: Major
>
> Hey everyone,
> I've got a question concerning the aesEncrypt method within 
> org.apache.deltaspike.core.impl.crypto.DefaultCipherService.aesEncrypt.
> This method employs a custom key derivation function:
> {code:java}
> private SecretKeySpec getSecretKeySpec(String password)
> {
> byte[] pwdHash = secureHash(password);
> byte[] key = Arrays.copyOf(pwdHash, 16); // using only the first 128 bits
> // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited 
> Crypto" patch
> return new SecretKeySpec(key, "AES");
> }
> {code}
> Here, the function hashes the provided password once to serve as the 
> encryption key, without utilizing a standard pbkdf api.
> {code:java}
> protected byte[] secureHash(String value)
> {
> try
> {
> MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
> return md.digest(value.getBytes(UTF_8));
> }
> catch (NoSuchAlgorithmException e)
> {
> throw new RuntimeException(e);
> }
> }
> {code}
> However, employing such a low iteration count might not suffice for 
> contemporary encryption standards. For instance, RFC 8018 suggests a minimum 
> of 1000 iterations for PBE[1]. In 2023, OWASP recommended employing 600,000 
> iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512[2]. 
> How about utilizing a standard PBKDF with a higher iteration count instead?
> Or we can simply use multi-round hash in the secureHash method for better 
> security
> For instance:
> {code:java}
> private SecretKeySpec getSecretKeySpec(String password, String salt)
> {
> int iterationCount = 10000; // Recommended: at least 10,000 iterations
> int keyLength = 128; // utilizing 128-bit AES
> KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 
> iterationCount, keyLength);
> SecretKeyFactory factory = 
> SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
> byte[] key = factory.generateSecret(spec).getEncoded();
> // Note: utilizing 128-bit AES avoids the necessity for the "Unlimited 
> Crypto" patch
> return new SecretKeySpec(key, "AES");
> }
> {code}
> [1]["PKCS #5: Password-Based Cryptography Specification, Version 
> 2.0"|http://tools.ietf.org/html/rfc2898#section-5.2]
> [2] ["Password Storage Cheat 
> Sheet"|https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)