[Esapi-user] FYI - Change to Encryptor.EncryptionAlgorithm

Kevin W. Wall kevin.w.wall at gmail.com
Sat Jan 23 03:22:21 EST 2010


***** A notice for ESAPI 2.0 compatibility with ESAPI 1.4 *****

I have changed Encryptor.EncryptionAlgorithm in ESAPI.properties (which is only
used by LegacyJavaEncryptor by the way) from "AES" to "PBEWithMD5AndDES" so that
it would actually be compatible w/ ESAPI 1.4 out-of-the-box should one change
ESAPI.Encryptor to org.owasp.esapi.reference.crypto.LegacyJavaEncryptor.

I originally had it set to AES in earlier release candidates because that's
what it was in ESAPI 2.0rc1 or 2.0rc2 which was when I started working on this.
I had mistakenly assumed that that was also what was being used in 1.4 because
I had not seen it otherwise. It was only seeing some of the blogs mention
the use of "PBEWithMD5AndDES" in ESAPI 1.4 that I realized my assumption was
wrong.

Of course, "PBEWithMD5AndDES" is even much worse than "AES", not only because of
the way that the encryption key is formed form a password hashed about 1K times
with MD5 (so dictionary attacks work extremely well), but also because DES only
has a 56-bit effective key size. (The 8 bits of parity can be ignored.) Any
cipher with only a 56-bit key size is well within the range of being brute
forced within a reasonably short period.

So, what does all this mean? Well, for one, if you are using ESAPI 1.4 and can't
switch to some release candidate of 2.0, I would stop immediately and at least
change the EncryptionAlgorithm property to something like AES. This is
especially true if you are storing the encrypted data in a DB or wherever.
(Of course, this will make the ciphertext size somewhat larger as AES has
twice the block size that DES does.) Or using DESede is another possibility.
The ciphertext size should be the same for that. You will also have to
change your MasterPassword or whatever 1.4 is using. (I've not taken time
to look at the code recently, but whatever it is, it can be good! ;-) At a
minimum, you will have to ensure that it is at least long enough.

Of course, if I don't change this property, then those using 2.0 but trying
to be compatible by using LegacyJavaEncryptor will have to make this change
themselves. However, please note that my changing this in *NO WAY* endorses
using PBEWithMD5AndDES. As I've said many times on this list and elsewhere,
my advice on that is "RUN AWAY!!!!".

Later,
-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the Esapi-user mailing list