CentOS 7
crypto weakness #296

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are often later found to be unsafe once they have been broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

nss-softokn-3.36.0/nss/cmd/fipstest/fipstest.c

Context:

The highlighted line of code below is the trigger point of this particular CentOS 7 crypto weakness.

                 i++;
            }
            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
                hex_to_byteval(&buf[i], &plaintext[j]);
            }
            plaintextlen = j;
            rv = tdea_encrypt_buf(mode, key,
                                  (mode == NSS_DES_EDE3) ? NULL : iv,
                                  ciphertext, &ciphertextlen, sizeof ciphertext,
                                  plaintext, plaintextlen);
            if (rv != SECSuccess) {
                goto loser;
            }

            fputs(buf, resp);
            fputs("CIPHERTEXT = ", resp);
            to_hex_str(buf, ciphertext, ciphertextlen);
            fputs(buf, resp);
            fputc('\n', resp);
            continue;
        }
        /* CIPHERTEXT = ... */
        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
            /* sanity check */
            if (crypt != DECRYPT) {
                goto loser;
            }

            i = 10;
            while (isspace(buf[i]) || buf[i] == '=') {
                i++;
            }
            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
                hex_to_byteval(&buf[i], &ciphertext[j]);
            }
            ciphertextlen = j;

            rv = tdea_decrypt_buf(mode, key,
                                  (mode == NSS_DES_EDE3) ? NULL : iv,
                                  plaintext, &plaintextlen, sizeof plaintext,
                                  ciphertext, ciphertextlen);
            if (rv != SECSuccess) {
                goto loser;
            }

            fputs(buf, resp);
            fputs("PLAINTEXT = ", resp);
            to_hex_str(buf, plaintext, plaintextlen);
            fputs(buf, resp);
            fputc('\n', resp); 
