Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some cryptographic questions #2119

Open
Gax-c opened this issue May 14, 2024 · 0 comments
Open

Some cryptographic questions #2119

Gax-c opened this issue May 14, 2024 · 0 comments

Comments

@Gax-c
Copy link

Gax-c commented May 14, 2024

Hello! I'm new to DataX and when I was browsing the code I found some potential cryptographic risks.

  1. DES and 3DES used
    DES is used here and 3DES is used here. Both DES and 3DES are considered insecure. Is it for compacity?
	private final static String DES = "DES";
    public static final String KEY_ALGORITHM_3DES = "DESede";
  1. Hardcoded key with an empty string
    The key is hardcoded here. I know this empty string is a default key and will only be available when the key is not provided. But a default key with an empty string is also considered insecure, and generating a random string for the default key may be a better choice.
	public static final String KEY = "";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Gax-c