Use of RSA Algorithm without OAEP

From VulneraPedia

Jump to: navigation, search

This is a Vulnerability. To view all of them, please see the Vulnerability Category page.


Contents

CWE Identificator

780


Description

Description_Summary

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

Extended_Description

Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.

Exposure Period

  • Architecture and Design
  • Implementation


Likelihood of Exploit

Medium

Common Consequences

Scope Effect
Confidentiality Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext.

Demonstrative Examples

Example 1

The example below attempts to build an RSA cipher.

Lenguage: Java Block Nature: Bad_Code

public Cipher getRSACipher() {
 Cipher rsa = null;
 try {
  rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
 }
 catch (java.security.NoSuchAlgorithmException e) {
  log("this should never happen", e);
 }
 catch (javax.crypto.NoSuchPaddingException e) {
  log("this should never happen", e);
 }
 return rsa;
}

While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP.

Lenguage: Java Block Nature: Good_Code

public Cipher getRSACipher() {
 Cipher rsa = null;
 try {
  rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding");
 }
 catch (java.security.NoSuchAlgorithmException e) {
  log("this should never happen", e);
 }
 catch (javax.crypto.NoSuchPaddingException e) {
  log("this should never happen", e);
 }
 return rsa;
}


References

Ronald L. Rivest, Burt Kaliski, RSA Problem, 2003-12-10. http://people.csail.mit.edu/rivest/RivestKaliski-RSAProblem.pdf

Optimal Asymmetric Encryption Padding, Wikipedia, 2009-07-08. http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding

Facts about Use of RSA Algorithm without OAEPRDF feed
CWE Identificator780  +
Consequence ScopeConfidentiality  +
DescriptionDescription_Summary

The soft Description_Summary

The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

Extended_Description

Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.

Exposure Period

  • Architecture and Design
  • Implementation

Architecture and Design

  • Implementation
ExampleThe example below attempts to build an RSA The example below attempts to build an RSA cipher.

Lenguage: Java Block Nature: Bad_Code

public Cipher getRSACipher() {
 Cipher rsa = null;
 try {
  rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
 }
 catch (java.security.NoSuchAlgorithmException e) {
  log("this should never happen", e);
 }
 catch (javax.crypto.NoSuchPaddingException e) {
  log("this should never happen", e);
 }
 return rsa;
}

While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP.

Lenguage: Java Block Nature: Good_Code

public Cipher getRSACipher() {
 Cipher rsa = null;
 try {
  rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWithMD5AndMGF1Padding");
 }
 catch (java.security.NoSuchAlgorithmException e) {
  log("this should never happen", e);
 }
 catch (javax.crypto.NoSuchPaddingException e) {
  log("this should never happen", e);
 }
 return rsa;
}

d never happen", e);

 }
 return rsa;
}
Exposure PeriodArchitecture and Design, and Implementation
LikelihoodMedium  +
ProviderMITRE  +
ReferenceRonald L. Rivest, Burt Kaliski, RSA Problem, 2003-12-10. http://people.csail.mit.edu/rivest/RivestKaliski-RSAProblem.pdf

, and Optimal Asymmetric Encryption Padding, Wikipedia, 2009-07-08. http://en.wikipedia.org/wiki/Optimal_Asymmetric_Encryption_Padding

ScaleMedium  +
SecurityAttributeConfidentiality  +
Personal tools