Open lialon opened 3 months ago
In "crypt4gh/crypt4gh/keys/ssh.py", I have identified a security vulnerability concerning an insecure cryptographic algorithm. Triple DES (TDEA) is disallowed or for legacy use after 2023.
https://github.com/EGA-archive/crypt4gh/blob/master/crypt4gh/keys/ssh.py#L70
return Cipher(algorithms.TripleDES(key), modes.CBC(iv), backend=backend)
Try using another symmetric encryption algorithm, such as AES, instead of TDEA.
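One way to locate every use of the reported algorithm in a code base, as an added example that is not part of the issue or of the crypt4gh project: a standard-library `ast` scan that reports each `TripleDES(...)` construction and, when it is passed straight to `Cipher(...)` as in the quoted line, the mode it is paired with. The sample source and its wrapper function names are constructed for illustration.

```python
import ast

# Constructed sample: the line quoted in the issue, inside hypothetical wrappers.
SAMPLE = '''\
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

def legacy_cipher(key, iv, backend=None):
    return Cipher(algorithms.TripleDES(key), modes.CBC(iv), backend=backend)

def modern_cipher(key, nonce):
    return Cipher(algorithms.AES(key), modes.CTR(nonce))
'''

FLAGGED = {"TripleDES"}  # algorithm class names to report


def _name(node):
    """Return the trailing identifier of a Name or Attribute call target."""
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def find_flagged_ciphers(source, flagged=FLAGGED):
    """Return (line, algorithm, mode) per flagged call; mode is None outside Cipher(...)."""
    tree = ast.parse(source)
    mode_of = {}  # id(algorithm call node) -> mode name from the enclosing Cipher(...)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _name(node.func) == "Cipher":
            args = node.args + [k.value for k in node.keywords]
            calls = [a for a in args if isinstance(a, ast.Call)]
            if len(calls) >= 2:
                mode_of[id(calls[0])] = _name(calls[1].func)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _name(node.func) in flagged:
            hits.append((node.lineno, _name(node.func), mode_of.get(id(node))))
    return sorted(hits, key=lambda h: h[:2])


if __name__ == "__main__":
    for line, algo, mode in find_flagged_ciphers(SAMPLE):
        print(f"line {line}: {algo} with mode {mode}")
```

The scan matches on the class name only, so an algorithm imported under an alias is not reported.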