Abstract:
The iteration count used by a password-based key derivation function is too low.
Explanation:
A key derivation function is used to derive a key from a base key and other parameters. In a password-based key derivation function, the base key is a password and the other parameters are a salt value and an iteration count. The iteration count has traditionally served to increase the cost of generating keys from a password. If the iteration count is too low, an attack becomes more feasible: an attacker can compute "rainbow tables" for the application and more easily reverse hashed password values.
Example 1: The following code uses an iteration count of 50:
...
Rfc2898DeriveBytes rdb8 = new Rfc2898DeriveBytes(password, salt, 50);
...
Applications that use a low iteration count for password-based encryption are exposed to trivial dictionary-based attacks, exactly the type of attack that password-based encryption schemes were designed to protect against.
Recommendations:
When using password-based key derivation functions, the iteration count should be at least 1000, but ideally 100,000 or greater. An iteration count of 1000 will significantly increase the cost of an exhaustive search for passwords, without a noticeable impact on the cost of deriving individual keys. NIST SP 800-132 recommends using an iteration count of as high as 10,000,000 for critical keys or very powerful systems.
The Fortify Secure Coding Rulepacks will report a more severe issue for use of fewer than 1000 iterations, and will report a lower severity issue for use of an iteration count from 1000 to 100,000. If your source code is using 100,000 or more iterations, then no issue will be reported.
Example 2: The following code uses an iteration count of 100,000:
...
Rfc2898DeriveBytes rdb8 = new Rfc2898DeriveBytes(password, salt, 100000);
...
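The following is an added example, not Fortify's code or code from the rulepack documentation above. It puts the two constructor calls from Examples 1 and 2 into a small, complete .NET program: a timing loop that shows what the iteration count actually buys, and a password-storage helper that refuses counts below the 1000 threshold the rulepack flags, defaults to the 100,000 the recommendation names, and records the count alongside the salt and derived key so records hashed under an older, weaker policy can be found and re-hashed. The storage format string, the 16-byte salt, the 32-byte derived key, the sample password and the use of SHA-256 with `Rfc2898DeriveBytes` are all choices made for this example; it assumes .NET Core 2.1 or later (for `CryptographicOperations.FixedTimeEquals`) or a recent .NET Framework.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;

// Added example (not Fortify's code): PBKDF2 with an enforced iteration-count policy.
public static class PasswordHasher
{
    // Thresholds from the recommendation text: fewer than 1000 iterations is the
    // severe finding, 100,000 or more produces no finding.
    public const int MinimumIterations = 1000;
    public const int RecommendedIterations = 100_000;
    private const int SaltSize = 16;  // assumption for this example: 128-bit salt
    private const int KeySize = 32;   // assumption for this example: 256-bit derived key

    // Storage format chosen for this example: "pbkdf2-sha256$<iterations>$<salt b64>$<key b64>".
    // Keeping the iteration count with the record is what makes later policy upgrades possible.
    public static string Hash(string password, int iterations = RecommendedIterations)
    {
        if (iterations < MinimumIterations)
            throw new ArgumentOutOfRangeException(nameof(iterations),
                $"Iteration count {iterations} is below the {MinimumIterations} minimum.");

        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);

        using var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256);
        byte[] key = kdf.GetBytes(KeySize);
        return $"pbkdf2-sha256${iterations}${Convert.ToBase64String(salt)}${Convert.ToBase64String(key)}";
    }

    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0] != "pbkdf2-sha256") return false;
        int iterations = int.Parse(parts[1]);
        byte[] salt = Convert.FromBase64String(parts[2]);
        byte[] expected = Convert.FromBase64String(parts[3]);

        // Re-derive with the parameters stored in the record, not the current defaults,
        // so records written under an older policy still verify.
        using var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256);
        byte[] actual = kdf.GetBytes(expected.Length);
        // Constant-time comparison so a mismatch does not leak through timing.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    // A record derived with fewer iterations than today's policy should be re-hashed
    // the next time the user presents the password successfully.
    public static bool NeedsRehash(string stored, int policyIterations = RecommendedIterations)
    {
        string[] parts = stored.Split('$');
        return parts.Length != 4 || int.Parse(parts[1]) < policyIterations;
    }

    public static void Main()
    {
        string password = "correct horse battery staple"; // constructed sample password
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);

        // Cost per derivation scales linearly with the iteration count; this is the cost
        // the attacker pays per guess and the defender pays per login.
        foreach (int count in new[] { 50, 1000, 100_000 })
        {
            var sw = Stopwatch.StartNew();
            using var kdf = new Rfc2898DeriveBytes(password, salt, count, HashAlgorithmName.SHA256);
            kdf.GetBytes(KeySize);
            sw.Stop();
            Console.WriteLine($"{count,8} iterations: {sw.Elapsed.TotalMilliseconds:F2} ms per derivation");
        }

        string record = Hash(password);
        Console.WriteLine($"verify correct password: {Verify(password, record)}");
        Console.WriteLine($"verify wrong password:   {Verify("wrong password", record)}");
        Console.WriteLine($"needs rehash:            {NeedsRehash(record)}");
    }
}
```

Two points worth separating when reading the timings: the random per-user salt is what defeats precomputed tables, while the iteration count is what makes each individual guess expensive. The `Hash` guard makes the severe finding (fewer than 1000 iterations) impossible to introduce at the call site, and `NeedsRehash` gives a code base that already has Example 1 style records in production a path to the Example 2 setting without invalidating existing accounts.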