Insecure support of setting a PBE iteration count less than 1000
Hi, we are a research group that helps developers build secure applications. We designed a cryptographic misuse detector for the Java language (our main concern is the secure implementation and use of JSON Web Tokens). We found your great public repository, and several security issues detected by our detector are shown below.
We found that the iteration count can be set through the header parameter "p2c" when using a PBE algorithm to generate a JWE, and the library does not check the iteration count, so users may set the number of iterations to less than 1000.
// "p2c" set below 1000; the library accepts the value without checking it
long iterationCount = 500L;
encryptingJwe.setHeader(HeaderParameterNames.PBES2_ITERATION_COUNT, iterationCount);
We think that the library should also limit the number of iterations specified by the user and not allow the iteration count to be set to less than 1000, because some inexperienced developers may set an insecure iteration count.
Comments (3)

repo owner - changed status to resolved

repo owner - changed status to closed in jose4j/0.9.3

I think it'd make sense to put a check in Pbes2HmacShaWithAesKeyWrapAlgorithm.deriveForEncrypt(...) that fails if the iteration count is less than 1000.
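The check this issue asks for, written out as an added example in Python rather than as jose4j code, so it can be run stand-alone: the PBES2 key derivation from RFC 7518 section 4.8 (salt = UTF8(alg) || 0x00 || p2s, PBKDF2 with the PRF and key length implied by the "alg"), with the iteration count refused on the encrypting side when it is below the RFC's recommended minimum of 1000. It goes one step beyond the report: on the decrypting side "p2c" arrives in a header the peer controls, so the example also applies an upper bound there. The function names, the MAX_ITERATIONS value and the sample password are assumptions made for the example, not jose4j's API or defaults.

```python
import base64
import hashlib
import os

# Floor the issue asks for (RFC 7518 recommends a minimum p2c of 1000).
MIN_ITERATIONS = 1000
# Assumed ceiling for the side that reads p2c from a received header.
# The value is illustrative for this example, not taken from jose4j.
MAX_ITERATIONS = 1_000_000

# PBES2 "alg" -> (PBKDF2 PRF, length in bytes of the derived AES key-wrapping key)
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pbes2_salt(alg: str, p2s: bytes) -> bytes:
    # RFC 7518 section 4.8.1.1: the PBKDF2 salt is UTF8(alg) || 0x00 || p2s
    return alg.encode("utf-8") + b"\x00" + p2s


def check_iteration_count(p2c, max_iterations=None) -> int:
    """Return p2c if acceptable, otherwise raise. bool is rejected explicitly
    because it subclasses int in Python."""
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise TypeError("p2c must be an integer")
    if p2c < MIN_ITERATIONS:
        raise ValueError(f"p2c={p2c} is below the minimum of {MIN_ITERATIONS}")
    if max_iterations is not None and p2c > max_iterations:
        raise ValueError(f"p2c={p2c} exceeds the ceiling of {max_iterations}")
    return p2c


def accepts_iteration_count(p2c, max_iterations=None) -> bool:
    try:
        check_iteration_count(p2c, max_iterations)
        return True
    except (TypeError, ValueError):
        return False


def derive_kek(alg: str, password: bytes, p2s: bytes, p2c: int) -> bytes:
    prf, dklen = PBES2_ALGS[alg]
    return hashlib.pbkdf2_hmac(prf, password, pbes2_salt(alg, p2s), p2c, dklen)


def build_protected_header(alg: str, enc: str, p2c: int, salt_len: int = 16):
    """Encrypting side: enforce the floor before the value reaches the header."""
    if alg not in PBES2_ALGS:
        raise ValueError(f"unsupported PBES2 alg {alg!r}")
    check_iteration_count(p2c)
    p2s = os.urandom(salt_len)
    header = {"alg": alg, "enc": enc, "p2s": b64url_encode(p2s), "p2c": p2c}
    return header, p2s


def kek_from_header(header: dict, password: bytes) -> bytes:
    """Decrypting side: p2c and p2s come from the peer, so bound both."""
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        raise ValueError(f"unsupported PBES2 alg {alg!r}")
    p2c = check_iteration_count(header.get("p2c"), MAX_ITERATIONS)
    p2s = b64url_decode(header["p2s"])
    if len(p2s) < 8:  # RFC 7518: the salt input must carry 8 or more octets
        raise ValueError("p2s must carry at least 8 octets")
    return derive_kek(alg, password, p2s, p2c)


def demo() -> dict:
    """Reproduce the report: p2c=500 is refused, a sane count derives a 16-byte KEK."""
    password = b"correct horse battery staple"  # constructed sample input
    result = {"low_p2c_rejected": accepts_iteration_count(500) is False}
    header, p2s = build_protected_header("PBES2-HS256+A128KW", "A128CBC-HS256", 4096)
    kek = kek_from_header(header, password)
    result["accepted_p2c"] = header["p2c"]
    result["kek_len"] = len(kek)
    result["kek_matches_direct_derivation"] = kek == derive_kek(
        "PBES2-HS256+A128KW", password, p2s, 4096)
    return result


if __name__ == "__main__":
    print(demo())
```

The floor alone is what the issue asks for; the ceiling matters because whoever decrypts a PBES2 JWE runs PBKDF2 for as many rounds as the header says, and a peer who controls the header controls that cost.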