AttackFlow Findings Dictionary


Insufficient Encryption Key Size

An attacker can break the encryption and recover the plaintext secret keys, passwords and other credentials that were thought to be “protected” by it.

Severity: Critical

Fix Cost: Medium

Trust Level: High

Encryption algorithms that were once considered secure are declared insecure over time, as the computational power available for brute-force attacks increases.

For example, RSA is an asymmetric encryption algorithm in which encryption and decryption are performed with two different keys, namely the public and private keys. RSA is considered to provide insufficient secrecy when used with short keys, such as 512 bits, or in general any key size under 2048 bits. Here is an example in C# (.NET):

using System.Security.Cryptography;

// Vulnerable: the key is only 1024 bits, below the 2048-bit minimum.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(1024);
byte[] ciphertext = rsa.Encrypt(plaintext, false); // plaintext is a byte[] defined elsewhere
                 
            

The same weakness in Java, where the key pair is generated with a 1024-bit modulus:

import java.security.*;

// Vulnerable: the key is only 1024 bits, below the 2048-bit minimum.
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
PublicKey pubk = kp.getPublic();
PrivateKey prvk = kp.getPrivate();
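
A hardened counterpart to the snippets above, as an added example that is not part of the original page or of AttackFlow: it generates keys at the 2048-bit minimum the text names and refuses to encrypt with a shorter RSA key. The class and method names, the sample secret and the OAEP padding choice are assumptions made for this example.

```java
import java.security.*;
import java.security.interfaces.RSAKey;
import javax.crypto.Cipher;

public class RsaKeySizeCheck {
    // Threshold taken from the text above: any RSA key under 2048 bits is insufficient.
    static final int MIN_RSA_BITS = 2048;
    // Generates an RSA key pair, refusing to create one below the minimum size.
    static KeyPair generate(int bits) throws GeneralSecurityException {
        if (bits < MIN_RSA_BITS) {
            throw new InvalidParameterException("RSA key size " + bits + " is below " + MIN_RSA_BITS);
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    // Rejects keys that arrive from elsewhere (key store, certificate, peer) if the modulus is too short.
    static void requireStrongKey(PublicKey key) throws InvalidKeyException {
        if (!(key instanceof RSAKey)) {
            throw new InvalidKeyException("not an RSA key: " + key.getAlgorithm());
        }
        int bits = ((RSAKey) key).getModulus().bitLength();
        if (bits < MIN_RSA_BITS) {
            throw new InvalidKeyException("RSA modulus is " + bits + " bits, minimum is " + MIN_RSA_BITS);
        }
    }

    // Encrypts only after the key size check passes (OAEP padding is this example's choice).
    static byte[] encrypt(PublicKey key, byte[] plaintext) throws GeneralSecurityException {
        requireStrongKey(key);
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "constructed sample secret".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("ciphertext bytes: " + encrypt(generate(2048).getPublic(), secret).length);
        // Build a weak key the same way as the vulnerable snippet, then show that it is refused.
        KeyPairGenerator weak = KeyPairGenerator.getInstance("RSA");
        weak.initialize(1024);
        try {
            encrypt(weak.generateKeyPair().getPublic(), secret);
        } catch (InvalidKeyException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```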
                 
            
