Insecure support of setting a PBE iteration count less than 1000

Issue #203 closed
KANII created an issue

Hi, we are a research group that helps developers build secure applications. We designed a cryptographic misuse detector for the Java language (our main concern is the secure implementation and use of JSON Web Tokens). We found your great public repository, and several security issues detected by our detector are shown below.

We found that it is possible to set the iteration count through the header parameter "p2c" when using a PBE algorithm to generate a JWE. The library does not check the iteration count, so users may set the number of iterations to less than 1000.

        // the "p2c" value is accepted as given; nothing rejects a count below 1000
        long iterationCount = 500L;
        encryptingJwe.setHeader(HeaderParameterNames.PBES2_ITERATION_COUNT, iterationCount);

We think the library should also limit the number of iterations specified by the user and not allow an iteration count of less than 1000, because some inexperienced developers may set an insecure iteration count.

Comments (3)

  1. Brian Campbell

    I think it’d make sense to put a check in Pbes2HmacShaWithAesKeyWrapAlgorithm.deriveForEncrypt(...) that fails if the iteration count is less than 1000.
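Added example, not part of this issue thread and not jose4j's own code: a small wrapper that enforces the check suggested above on both the producing side (the "p2c" header set by the caller, as in the reported snippet) and the consuming side (the "p2c" value carried in an incoming token's protected header, read before any PBKDF2 work is done). The class name, the helper methods and the upper bound of 1,000,000 iterations are this example's own choices; the 1000 floor is the RFC 7518 recommendation. It assumes the public jose4j API (JsonWebEncryption, PbkdfKey, HeaderParameterNames) and a constructed sample password and payload.

```java
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.keys.PbkdfKey;
import org.jose4j.lang.JoseException;

/**
 * Hypothetical wrapper (not part of jose4j): refuses PBES2 JWEs whose
 * "p2c" iteration count is outside an acceptable range.
 */
public final class Pbes2IterationGuard {

    // Floor recommended by RFC 7518 section 4.8.1.2.
    public static final long MIN_ITERATIONS = 1000L;

    // Ceiling is this example's own choice: an attacker controls "p2c" in a
    // received token, so an unbounded value lets them burn CPU on the recipient.
    public static final long MAX_ITERATIONS = 1_000_000L;

    public static void checkIterationCount(long p2c) {
        if (p2c < MIN_ITERATIONS) {
            throw new IllegalArgumentException("p2c " + p2c + " is below the minimum of " + MIN_ITERATIONS);
        }
        if (p2c > MAX_ITERATIONS) {
            throw new IllegalArgumentException("p2c " + p2c + " exceeds the limit of " + MAX_ITERATIONS);
        }
    }

    /** Producer side: reject a weak iteration count before the JWE is built. */
    public static String encrypt(String password, String payload, long p2c) throws JoseException {
        checkIterationCount(p2c);
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.PBES2_HS256_A128KW);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        jwe.setHeader(HeaderParameterNames.PBES2_ITERATION_COUNT, p2c);
        jwe.setKey(new PbkdfKey(password));
        jwe.setPayload(payload);
        return jwe.getCompactSerialization();
    }

    /** Consumer side: inspect "p2c" from the parsed header before the key is derived. */
    public static String decrypt(String password, String compactJwe) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setCompactSerialization(compactJwe);
        Object p2c = jwe.getHeader(HeaderParameterNames.PBES2_ITERATION_COUNT);
        if (!(p2c instanceof Number)) {
            throw new IllegalArgumentException("missing or non-numeric p2c header");
        }
        checkIterationCount(((Number) p2c).longValue());
        jwe.setKey(new PbkdfKey(password));
        return jwe.getPlaintextString();
    }

    public static void main(String[] args) throws JoseException {
        // Constructed sample input for the demonstration.
        String password = "correct horse battery staple";
        String payload = "{\"sub\":\"alice\"}";

        String token = encrypt(password, payload, 4096L);
        System.out.println("p2c=4096 accepted, plaintext: " + decrypt(password, token));

        try {
            encrypt(password, payload, 500L); // the value from the issue report
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The consumer-side check matters as much as the producer-side one: the iteration count in a received JWE is attacker-controlled, so a recipient that trusts it will happily derive keys with 1 iteration (weak) or with billions (denial of service).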
